Verdict: MALICIOUS
Risk Score: 196
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF triggers a link-farm heuristic and carries an external URI action pointing to a suspicious domain, consistent with phishing or malware distribution. The ML classifier score and the ClamAV signature match both point strongly to malicious intent. The document body, though heavily obfuscated, contains the string 'Gta v highly compressed android' and a reference to the wkhtmltopdf tool (an HTML-to-PDF converter), suggesting a search-engine lure page rendered to PDF that routes readers to a fake download or scam.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics (6)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Password-protected archive handoff [high, SE_PASSWORD_ARCHIVE_LURE]: Document gives password instructions for an archive or attachment, a technique often used to keep payloads encrypted until after gateway scanning.
- External URI [info, PDF_URI]: PDF contains an external URL action.
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://drafthe.ru/pbw?utm_term=gta+v+highly+compressed+android (PDF link annotation)
  - https://fupigipefixoxom.weebly.com/uploads/1/3/1/3/131379213/faxiwosuwim.pdf (in PDF document text)
  - https://wuvepadin.weebly.com/uploads/1/3/4/7/134714831/f209f1.pdf (in PDF document text)
  - https://vowizata.weebly.com/uploads/1/3/1/8/131856430/zikog_dosone.pdf (in PDF document text)
  - https://cdn-cms.f-static.net/uploads/4367296/normal_601c8bb47d1bd.pdf (in PDF document text)
  - https://kezidixujaroko.weebly.com/uploads/1/3/4/0/134040737/8172aace11ab.pdf (in PDF document text)
  - https://cdn-cms.f-static.net/uploads/4365540/normal_602da133cf7e4.pdf (in PDF document text)
  - https://jaxesipip.weebly.com/uploads/1/3/4/5/134583604/ragubevi-bojakoze-nijin.pdf (in PDF document text)
  - http://www.ascendercorp.com/ (in PDF document text)
  - http://www.ascendercorp.com/typedesigners.html (in PDF document text)
  - https://uploads.strikinglycdn.com/files/54ee5a2a-16d2-438b-a1a1-ee1068a85c4e/visidunaj.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/f99eccc2-9238-4a31-bb7f-e2191a131a6a/48783837406.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/7656b9a3-fb14-4a25-a498-343b8f9f763b/49805864545.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/c0db73c0-d30a-48ab-90f2-af439480fbfe/mathematics_for_business_and_personal_finance_workbook_answers.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/cded1656-d6dd-4d51-a185-4818aab4787f/stick_rpg_2_tips_and_tricks.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/11a485e2-45ef-413b-97cf-f1d068dd0bb0/98901987208.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/78cd0e09-5305-499e-9723-b2288bf4a935/fe_mechanical_review_manual_michael_lindeburg.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/b630ee4a-c82f-44be-aae5-6446e2c4c98b/zetum.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/71b669e4-66cc-407b-8e03-488c9f49635b/zuritetapa.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/7b15aff8-a10a-467d-9ac7-fe4ed2612aca/taco_bell_chicken_taco_salad_nutrition_facts.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/69ee3e30-8a24-439b-b8ae-3515d9824861/german_book_for_beginners.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/a35ce464-93d0-4931-8e19-6a6541181305/el_rey_pico_de_tordo_pelcula_completa_en_espaol_latino.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/eadf9432-1a69-48bf-a81e-7d9fc56b9f8d/bepakaweti.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/5e97cdfe-6032-4720-aa07-6ad69bac7aa3/nufuzejuzuvivokokudomugum.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/90c125dc-1a2e-4eba-8778-39e6fad33d1c/what_formula_does_wic_cover_in_nc.pdf (in PDF document text)
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
  - http://purl.org/dc/elements/1.1/ (in PDF document text)
  - http://ns.adobe.com/pdf/1.3/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
  - http://scripts.sil.org/OFL (in PDF document text)
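A scanner for the two structural heuristics above, PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL, as an added example that is not the analyzer's own code: it walks raw `N G obj ... endobj` definitions, reports objects redefined with different bodies and whether a version carries active content, emulates first-wins and last-wins resolution so you can see which `/URI` each kind of reader would follow, and groups extracted `.pdf` links by host. The sample PDF, the `.example` hosts and the link-farm thresholds are constructed assumptions for illustration; the report's own thresholds are not published on this page.

```python
"""Regex-based scanner for two report heuristics: an indirect object defined more than
once with differing bodies (first-wins vs last-wins confusion) and a PDF-link farm
clustered on one host. Stdlib only; assumes uncompressed content streams, so it would
miss URLs inside FlateDecode'd text (inflate those first on real samples)."""
import re
from collections import Counter, defaultdict
from urllib.parse import urlparse

# "N G obj ... endobj"; non-greedy so every definition of a recurring object is captured.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")            # /URI (...) link-annotation actions
TEXT_URL_RE = re.compile(rb"https?://[^\s()<>\"']+")   # URLs anywhere in the raw bytes
# Keys that make an object "active": it triggers an action rather than only drawing.
ACTIVE_KEYS = (b"/JS", b"/JavaScript", b"/Launch", b"/URI", b"/OpenAction", b"/AA",
               b"/SubmitForm", b"/GoToR")


def parse_objects(data):
    """Map (num, gen) -> [body bytes, ...] in file order; incremental updates append."""
    objs = defaultdict(list)
    for m in OBJ_RE.finditer(data):
        objs[(int(m.group(1)), int(m.group(2)))].append(m.group(3))
    return objs


def uri_of(body):
    """First /URI target inside an object body, or None."""
    m = URI_RE.search(body or b"")
    return m.group(1).decode("latin-1") if m else None


def resolve(data, num, gen, policy):
    """Emulate a first-wins or last-wins reader for one object; returns the body or None."""
    bodies = parse_objects(data).get((num, gen), [])
    if not bodies:
        return None
    return bodies[0] if policy == "first" else bodies[-1]


def duplicate_objects(data):
    """Objects defined more than once with different body bytes. A finding is only
    worth escalating when a version carries active content (ACTIVE_KEYS)."""
    findings = []
    for (num, gen), bodies in parse_objects(data).items():
        if len(bodies) > 1 and len(set(bodies)) > 1:
            findings.append({"obj": f"{num} {gen}", "versions": len(bodies),
                             "active": any(k in b for b in bodies for k in ACTIVE_KEYS),
                             "first_uri": uri_of(bodies[0]), "last_uri": uri_of(bodies[-1])})
    return findings


def extract_urls(data):
    """(url, channel) pairs: /URI actions are 'link annotation', the rest 'document text'."""
    found = [(m.group(1).decode("latin-1"), "link annotation") for m in URI_RE.finditer(data)]
    seen = {u for u, _ in found}
    for m in TEXT_URL_RE.finditer(data):
        u = m.group(0).decode("latin-1")
        if u not in seen:
            found.append((u, "document text"))
            seen.add(u)
    return found


def link_farm(data, max_size=200_000, min_links=8, min_share=0.5):
    """Link-farm shape: small file, many external .pdf links, most of them on one host.
    The three thresholds are assumptions for illustration, not the report's tuned values."""
    pdf_links = [u for u, _ in extract_urls(data) if urlparse(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlparse(u).netloc for u in pdf_links)
    top_host, top_n = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_n / len(pdf_links) if pdf_links else 0.0
    flagged = len(data) <= max_size and len(pdf_links) >= min_links and share >= min_share
    return {"pdf_links": len(pdf_links), "top_host": top_host,
            "top_share": round(share, 2), "flagged": flagged}


# --- Constructed sample (not the analysed file): one page whose text lists many .pdf
# links clustered on one host, mirroring the report's pattern, plus an incremental
# update that redefines link annotation "4 0" with a different /URI target. No xref
# table is emitted; the scanner works on raw bytes and never consults it.
_TEXT_LINKS = [f"https://cdn-a.example/uploads/{i:04d}/file{i}.pdf" for i in range(9)]
_TEXT_LINKS += ["https://cdn-b.example/x.pdf", "https://cdn-b.example/y.pdf"]
_CONTENT = (b"BT /F1 9 Tf 20 700 Td "
            + b" ".join(b"(" + u.encode() + b") Tj T*" for u in _TEXT_LINKS) + b" ET")


def _annot(uri):
    return (b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20] "
            b"/A << /S /URI /URI (" + uri + b") >> >> endobj\n")


SAMPLE_PDF = b"".join([
    b"%PDF-1.4\n",
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
    b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] /Contents 5 0 R >> endobj\n",
    _annot(b"https://docs.example/guide.pdf"),                 # original revision
    b"5 0 obj << /Length " + str(len(_CONTENT)).encode() + b" >> stream\n"
    + _CONTENT + b"\nendstream endobj\n",
    b"trailer << /Root 1 0 R >>\n%%EOF\n",
    _annot(b"https://drop.example/pbw?utm_term=lure"),         # incremental update
    b"trailer << /Root 1 0 R /Prev 0 >>\n%%EOF\n",
])


def analyze(data):
    return {"duplicates": duplicate_objects(data), "link_farm": link_farm(data)}


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(SAMPLE_PDF), indent=2))
```

To run it on a real sample, replace `SAMPLE_PDF` with `open(path, "rb").read()`; for files whose page text sits in FlateDecode streams, inflate the stream bodies before URL extraction. A duplicate whose versions disagree on an active key such as `/URI` or `/JS` is the targeted parser-confusion case the heuristic describes, whereas duplicates that differ only in drawing content are usually ordinary incremental saves.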
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000ec9b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEC9B | 5680 bytes | e45b0246eaee3f3c28ead64af7e7ddb2687784ad89b49485f9f033ad61af676a |
| font_01_sfnt_off0000ffd2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFFD2 | 11316 bytes | fba40f151587c4ecdbfbc640d545cf300f7d35db197a4d7ced8d0c050bcbac2d |