MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ClamAV and an ML classifier, indicating a phishing or trojan threat. It contains numerous external links, with one prominent URL referencing a game download, likely serving as a lure. The PDF_SEO_LINK_FARM heuristic suggests a link farm, potentially for SEO manipulation or for distributing further malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9992
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION)
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM)
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI)
  PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL)
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://maypoin.ru/strik?utm_term=super+mario+bros+3+apk+download (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f458.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF458 | 5668 bytes | 99a74dadebf39709dcb400b98390d475175f0351ff088d2456778900e97368b9 |
| font_01_sfnt_off0001078c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1078C | 10576 bytes | de057b14f8d1c2c3225e14995cbb1ac0d600832e31dd6d6f29fa0aa61d9d8d01 |