MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains numerous external links, with a critical heuristic identifying a link farm pattern. One of the primary URLs, 'https://traffnew.ru/strik?utm_term=s%25C4%25B1rad%25C4%25B1%25C5%259F%25C4%25B1+analiz+matematik+pdf', is flagged as suspicious and likely leads to a malicious site. The ClamAV detection and ML classifier strongly indicate malicious intent, consistent with phishing or malware distribution.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://traffnew.ru/strik?utm_term=s%25C4%25B1rad%25C4%25B1%25C5%259F%25C4%25B1+analiz+matematik+pdf (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000af2f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xAF2F | 5504 bytes | bdf502122a2d27ad4994a4cb0e7ee326c1725e573acaa7a2d0824590fca4297d |
| font_01_sfnt_off0000c1de.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC1DE | 11756 bytes | 03cc96b58c670e538add64e0aecaa865248770686b3ccf3c86956cfdd845f4a9 |