MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains a large number of external links, many of which are hosted on suspicious domains or use generic filenames, indicating a link farm or SEO spam tactic. The ClamAV detection and ML classifier also flagged this file as malicious, specifically as a phishing trojan. While no scripts were extracted, the presence of numerous external links suggests an attempt to redirect the user to malicious content or phishing sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.8071
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://botokaw.ru/award?keyword=codex+adeptus+custodes+pdf+v8 (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00010d07.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10D07 | 5248 bytes | 9d09f3e8318cd38c47951d6a5274c980f2986522fa246c5efea66711fe499b34 |
| font_01_sfnt_off00011f03.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11F03 | 11228 bytes | 204e55d3133bc9e3b73c0666d5ecd4f988c6e3c7741a414cc5a6fe994ba9f113 |