MALICIOUS
Risk Score: 136
Machine Learning
- Nyx PDF Classifier suspicious score 0.4107
Heuristics 6
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Image lure linking to an SEO redirector (free-download phishing) (high, PDF_SEO_UTM_REDIRECTOR_LINK)
  PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- PDF link farm points to compromised-WordPress upload storage (medium, PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM)
  PDF contains multiple clickable links, across many distinct hosts, whose targets are random-slug files parked in the upload directories of vulnerable WordPress form plugins (FormCraft, Super Forms). This is the hallmark of the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains hosted on compromised sites. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI)
  PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL)
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://cafij.co.za/XSRYdR1H?utm_term=sindrome+de+absorcion+intestinal+deficiente+pdf (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0006cf56.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6CF56 | 16560 bytes | 924ad5cb737cfd9a34472b2046831991df4d3950e5f0d7b552a18309318c2ee9 |
| font_01_sfnt_off0006e671.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6E671 | 16456 bytes | fd9ef3c3388d8a524da78cde7bbc5cd947959f285f83f2b43afe6d3fe4502d3b |
| font_02_sfnt_off00071121.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x71121 | 10996 bytes | 5868d120249f7a3e1c5023ade89ae82b2b509fc07b84adc94f35fa76eff75157 |