MALICIOUS
Risk Score: 214
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a significant number of embedded links, identified as a link farm, directing users to potentially malicious websites. The heuristic PDF_MALICIOUS_REDIRECTOR_LINK specifically flags a URL leading to known malicious infrastructure. The ML classifier and ClamAV detection strongly indicate malicious intent, likely for phishing or distributing further malware.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9993
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs (all found in PDF document text):
- https://yafferge.ru/123?utm_term=app+store+data++limit
- https://wudemivezetuf.weebly.com/uploads/1/3/4/3/134318680/solasadigofixujikoju.pdf
- https://cdn-cms.f-static.net/uploads/4475203/normal_602b0a463db87.pdf
- https://static.s123-cdn-static.com/uploads/4500692/normal_5ffe48f4a8e88.pdf
- https://xixedemawib.weebly.com/uploads/1/3/0/7/130738641/gadomafuvode.pdf
- https://cdn-cms.f-static.net/uploads/4464720/normal_6064ca0d96c43.pdf
- https://mitojebani.weebly.com/uploads/1/3/2/7/132711961/6260390.pdf
- https://cdn-cms.f-static.net/uploads/4476758/normal_600f8644374e2.pdf
- https://static.s123-cdn-static.com/uploads/4459467/normal_6002aaab6541d.pdf
- https://cdn-cms.f-static.net/uploads/4389101/normal_6055072c891d4.pdf
- https://cdn-cms.f-static.net/uploads/4371814/normal_601d213eeb279.pdf
- https://cdn-cms.f-static.net/uploads/4490757/normal_606e381a98abc.pdf
- https://static.s123-cdn-static.com/uploads/4387232/normal_5ffb7f597a745.pdf
- https://cdn-cms.f-static.net/uploads/4413236/normal_5fd822aa82b66.pdf
- https://gixakipero.weebly.com/uploads/1/3/1/4/131412713/legivi-getez-kaluxu-besunelemurolof.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/75d4751c-4d33-427a-9867-a4790035f939/61109312408.pdf
- https://uploads.strikinglycdn.com/files/788065c3-89ba-47aa-b2cc-431c1ef9103d/73150544445.pdf
- https://uploads.strikinglycdn.com/files/b56c538c-0361-4d90-bfbb-0f066ef32365/7840088143.pdf
- https://uploads.strikinglycdn.com/files/2d643fc3-55ed-4916-ba8b-0afb61307d9d/zuwumudemepuseze.pdf
- https://uploads.strikinglycdn.com/files/2c657e70-a4ff-4ac4-8125-335ad436eaca/49159025754.pdf
- https://uploads.strikinglycdn.com/files/95a5c549-ce85-48a6-96dd-6cc0fb1313e3/gravity_falls_saw_game_apk_android.pdf
- https://uploads.strikinglycdn.com/files/535589bd-0f7d-42c8-a105-7d2aa3853967/42159834008.pdf
- https://uploads.strikinglycdn.com/files/29489771-8384-47dc-b533-7d320b2a9bbe/mifaxoxapajebaduvu.pdf
- https://uploads.strikinglycdn.com/files/583f9080-1a7e-4e7c-9576-a17a5304842f/ccna_todd_lammle.pdf
- https://uploads.strikinglycdn.com/files/5bedb03e-b161-44b7-ae09-c7ba22f06b24/xavutenamagadere.pdf
- https://uploads.strikinglycdn.com/files/874a70d6-4a37-4472-8d26-896eef37ede6/63910179958.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000100f3.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x100F3 | 5092 bytes | f5e1a4c1e86ce58a76eb4caeb568abdb68132ad4f8311cb59ebebc8e095de072 |
| font_01_sfnt_off0001122b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1122B | 10980 bytes | 3e182d390b546db72f7593dbcaf5bdf250d173452de50ec4b19149b729757769 |