MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains a large number of external links, identified as a 'PDF link farm'. One of the primary external links points to 'traffine.ru', which is flagged as suspicious. The ClamAV detection and ML classifier also indicate maliciousness, suggesting a phishing or malicious content distribution scheme. No scripts were extracted, but the PDF structure itself is indicative of malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.7981
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL:
- https://traffine.ru/strik?utm_term=candidate+elimination+algorithm+negative+example (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00012b2a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12B2A | 5228 bytes |
| SHA-256: 94d9cad9078a0ebf93cd8fc07459972de9dbecd85553fad7c1242d1c4f9cfd5b | | | |
| font_01_sfnt_off00013ccd.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13CCD | 10856 bytes |
| SHA-256: 58df006dc85d2edf5ac16d6e3dd8939436ff342f42974a94bf81127618e98e85 | | | |