MALICIOUS
Risk Score: 174
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF file was flagged by multiple heuristics as malicious, including ClamAV detection and an ML classifier. It contains a large number of external links, many of which point to PDF files, suggesting a link farm or SEO spam operation. The document body, though heavily obfuscated, appears to be related to 'calorie counting chart pdf', a common lure for phishing or malicious redirects. The presence of PRC/3D content is also noted.
Machine Learning
- Nyx PDF Classifier malicious score 0.8274
Heuristics 5
- PRC/3D content in PDF (medium, PDF_PRC_3D): PDF contains PRC 3D content. PRC/U3D parsers have been a recurring Adobe Reader attack surface; treat as a related parser-exploit indicator rather than a specific CVE match.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f7c5.bin c1f20c6e980c2ed963c332d9c15b7178c13c5d939c6f4dbdd4b2c2addeb30b83 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF7C5 | 5144 bytes |