MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
This PDF document exhibits characteristics of a phishing lure, including being image-only with a clickable action to an external URL. The embedded JavaScript and the high ML classifier score further indicate malicious intent. The document likely attempts to trick the user into visiting a malicious site or downloading a payload, as suggested by the ClamAV detection and the numerous external URLs.
Machine Learning
- Nyx PDF Classifier malicious score 0.7092
Heuristics 6
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LUREPDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 41 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
-
Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARMSmall PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
-
Embedded JS stream low PDF_JSPDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://cructi.ru/uplcv?utm_term=nova+versao+android
- https://festivalecolo.ca/wp-content/plugins/formcraft/file-upload/server/content/files/16135a7448dabe---fimozawerabovorujasorabo.pdf
- https://triatlonshop.cz/userfiles/file/zizozose.pdf
- https://stiff.pl/ckfinder/userfiles/files/tafabovuduxa.pdf
- https://alyosserspneed.com/userfiles/files/93497295099.pdf
- https://unaizahic.com/Files/files/33483174342.pdf
- http://bigbazar.cz/is/images/FCKeditor/File/56813370827.pdf
- http://perchegouet.com/ckfinder/userfiles/files/14112841102.pdf
- http://guides2alpes.fr/uploads/file/ridujubimurosewosumuvefew.pdf
- https://jagamimpi.org/contents/files/57895903368.pdf
- https://www.hauptsache.cc/wp-content/plugins/formcraft/file-upload/server/content/files/161434b5bb76a1---87463713517.pdf
- https://funcarele.com/ckfinder/userfiles/files/13246584548.pdf
- https://yantrasearch.com/ckfinder/userfiles/files/40136673129.pdf
- http://aleshashop.net/uploaded_files/userfiles/files/48663798600.pdf
- http://chataphan.com/file_media/file_image/file/sunuj.pdf
- http://lamorenj.com/userfiles/files/81231933970.pdf
- http://garage-fuji.jp/js/upload/files/30593711158.pdf
- https://mkontakt.pl/dat/file/90247068196.pdf
- http://www.pratikchoudhury.com/fckimages/file/detasufabobibumuxujewoj.pdf
- http://diennuocdanang.com/uploads/image/files/16805827637.pdf
- https://hglobaltourb2c.com/FileData/ckfinder/files/20210916_BA40879C95D77C7E.pdf
- https://designmaster.in/scgtest/eec-new/codelibrary/ckeditor/ckfinder/userfiles/files/pifogetaji.pdf
- http://halaljones.com/uploads/files/xudunoparowadudetukujoli.pdf
- http://huichem.com/ckfinder/userfiles/files/26555897053.pdf
- http://warwick-ems.org/userfiles/file/62902385909.pdf
- http://flairpens.ru/uploads/file/dubarikifudoxorazurowebot.pdf
Open this report in the interactive analyzer, or submit your own file for analysis.