MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains numerous external links, with one prominent URL pointing to a page that mimics an English test. ClamAV and ML classifiers strongly indicate maliciousness, classifying it as a phishing trojan. The heuristic 'PDF_SEO_LINK_FARM' suggests the document is designed to generate traffic or distribute other malicious files via a large number of links.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://jottigo.ru/award?keyword=cambridge+assessment+english+test+pdf (PDF link annotation)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00014339.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x14339 | 5500 bytes | 91a82ba037663238f567ae13e63a7f9a8991bee57efc933eee50441344e0b9eb |
| font_01_sfnt_off000155b2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x155B2 | 11868 bytes | 36e14149749b42c3274e083ee17b0b668c2fd66a1e808a874ee6b0850b2ecc7a |