MALICIOUS
Risk Score: 124
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.7645
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF is a non-clustered link farm on disposable hosting [medium] PDF_SEO_DISPOSABLE_LINK_FARM: Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI [info] PDF_URI: PDF contains an external URL action
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://dugedepap.ru/award?keyword=pdf+advertising+media (PDF link annotation)