Verdict: MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file was detected as malicious by ClamAV and an ML classifier, and it contains a large number of external links, indicating a link farm or phishing attempt. One of the embedded URLs, 'https://resalured.ru/123?utm_term=ammi+ammi+ammi+kannada+song', is particularly suspicious. While no scripts were explicitly extracted, the PDF structure and heuristic firings suggest it's designed to redirect users to potentially harmful sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI [info, PDF_URI]: PDF contains an external URL action.
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://resalured.ru/123?utm_term=ammi+ammi+ammi+kannada+song (PDF link annotation)
- https://pibepiramizenat.weebly.com/uploads/1/3/4/7/134735255/jijeloluk_lubojolagizufuj_vegulo.pdf (PDF document text)
- https://static.s123-cdn-static.com/uploads/4456984/normal_5ffb3a08014a9.pdf (PDF document text)
- https://zalirusupu.weebly.com/uploads/1/3/4/5/134516706/nikipivitule-veguvanorif.pdf (PDF document text)
- https://cdn-cms.f-static.net/uploads/4393503/normal_5fd0eae236ecf.pdf (PDF document text)
- https://cdn-cms.f-static.net/uploads/4468814/normal_600ae68737aed.pdf (PDF document text)
- https://static.s123-cdn-static.com/uploads/4373509/normal_5ffb71224e900.pdf (PDF document text)
- https://borerejo.weebly.com/uploads/1/3/4/0/134040615/ea422f.pdf (PDF document text)
- http://fedorahosted.org/lohit (PDF document text)
- http://www.ascendercorp.com/ (PDF document text)
- http://www.ascendercorp.com/typedesigners.html (PDF document text)
- https://uploads.strikinglycdn.com/files/faa2e0cc-43af-4a84-b7ca-7c43d2766cf7/download_film_fifty_shades_darker_full_movie_subtitle_indonesia.pdf (PDF document text)
- https://uploads.strikinglycdn.com/files/bf949bfc-9161-4744-b6db-e485885ee510/literary_devices_in_romeo_and_juliet_act_4_scene_1.pdf (PDF document text)
- https://uploads.strikinglycdn.com/files/dbd22b33-8207-45ba-9970-f09068ca86ec/biwalometexoxokiwojepi.pdf (PDF document text)
- https://uploads.strikinglycdn.com/files/169ab556-fa67-482a-bbde-98c7fff9f67e/wiley_nise_solutions.pdf (PDF document text)
- https://uploads.strikinglycdn.com/files/fece44a6-4f10-4097-9427-da07e8337557/how_to_answer_nclex_pn_style_questions.pdf (PDF document text)
- https://uploads.strikinglycdn.com/files/ee25220e-aa88-44cc-ac91-e67aec7581ba/xokifavivogesiketad.pdf (PDF document text)
- https://uploads.strikinglycdn.com/files/5f305836-321b-4c23-b2af-d7ac03f5438a/rikajukapafozowutiripe.pdf (PDF document text)
- https://uploads.strikinglycdn.com/files/7213ceea-b4fc-417f-9dc0-eddc2ff19833/do_self_reading_tarot_cards.pdf (PDF document text)
- https://uploads.strikinglycdn.com/files/853a33e4-62f2-4e1f-a050-57894633718f/how_to_draw_a_body_girl.pdf (PDF document text)
- https://uploads.strikinglycdn.com/files/fd401d2f-1755-4dda-9ed8-306a746b34b8/job_stress_index.pdf (PDF document text)
- https://uploads.strikinglycdn.com/files/e99da808-685e-4946-b08f-0b46b81e7350/war_of_the_worlds_2_the_challenge_reddit.pdf (PDF document text)
- https://uploads.strikinglycdn.com/files/2aaf6317-3ff0-4323-9295-32fc32dd9d84/39966839602.pdf (PDF document text)
- https://uploads.strikinglycdn.com/files/1dea88a5-6c21-446f-bc23-e98f1abb07fd/31227791894.pdf (PDF document text)
- http://www.w3.org/1999/02/22-rdf-syntax-ns# (PDF document text)
- http://purl.org/dc/elements/1.1/ (PDF document text)
- http://ns.adobe.com/pdf/1.3/ (PDF document text)
- http://ns.adobe.com/xap/1.0/ (PDF document text)
- http://ns.adobe.com/xap/1.0/mm/ (PDF document text)
- http://ns.adobe.com/xap/1.0/rights/ (PDF document text)
- http://scripts.sil.org/OFL (PDF document text)
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_003_off00010041.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x10041 | 46420 bytes | 5b5ef6e958a43e4363dcbd991492e6ae4b799d150884c333088fa4807001c448 |
| font_00_sfnt_off0000ef0e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEF0E | 5072 bytes | b096a9b9d9fbf67d30e015b6469e1480ec6ffb1cc1682bfd6766415e2bb83960 |
| font_02_sfnt_off00014d66.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x14D66 | 10048 bytes | 3c3b0267adaef1b0e04a30dd3ee25f5926572c06d7a412c2082bd390584c3981 |