Verdict: MALICIOUS (Risk Score 156)
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains numerous external links; the only clickable link annotation points to 'midufefew.ru', while the remaining URLs appear in the document text. This pattern suggests a phishing or malware distribution attempt. The ClamAV detection and the ML classifier strongly indicate malicious intent. The document body, though heavily obfuscated, appears to be a lure related to a book search, aligning with a phishing pretext.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics (5)
- ClamAV detection (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Embedded URLs
- https://midufefew.ru/award?keyword=the+island+peter+benchley+pdf (PDF link annotation)
- https://gusumumonabol.weebly.com/uploads/1/3/0/7/130775475/ratalurodaso.pdf (in PDF document text)
- http://mebets.xyz/9219599021nhyo4.pdf (in PDF document text)
- http://kpovli.ru/nititimozepaz8dc0b.pdf (in PDF document text)
- https://xukifunizagopo.weebly.com/uploads/1/3/4/0/134013279/tadafeguropi.pdf (in PDF document text)
- https://rolobidixogiru.weebly.com/uploads/1/3/1/6/131637372/f2b5f26aa4ac.pdf (in PDF document text)
- http://avit0.cc/kittitas_county_fair_exhibitors_guidei3gdd.pdf (in PDF document text)
- https://virixodebusetij.weebly.com/uploads/1/3/1/3/131383575/kipavafo_minaxilupakezok.pdf (in PDF document text)
- http://www.ascendercorp.com/ (in PDF document text)
- http://www.ascendercorp.com/typedesigners.html (in PDF document text)
- https://s3.amazonaws.com/dazawojob/blade_and_soul_unreal_engine_4_date.pdf (in PDF document text)
- https://s3.amazonaws.com/pazerogasarinu/why_wont_my_coleman_hot_tub_heat_up.pdf (in PDF document text)
- https://s3.amazonaws.com/jejulurowev/2113761958.pdf (in PDF document text)
- https://eadb47d6-6712-4ecd-aa5a-2cdcf2d90b86.filesusr.com/ugd/c844bf_23f7377d5fd74534833732c39c61c32b.pdf?index=true (in PDF document text)
- https://s3.amazonaws.com/mufukep/gepiro.pdf (in PDF document text)
- https://s3.amazonaws.com/neporezofov/invoice_template_austria.pdf (in PDF document text)
- https://4c2674ec-1430-4cec-a455-d6a35d10586e.filesusr.com/ugd/38955b_12d5b7f4a4ab4493a678d02882f95de3.pdf?index=true (in PDF document text)
- https://6129906d-bc82-46a7-99f5-71793a58af3c.filesusr.com/ugd/d162e3_f4606b3f95f1464b995c57c6e9216e9e.pdf?index=true (in PDF document text)
- https://5f8b0e40-2141-4341-98ab-6145db4b8156.filesusr.com/ugd/2072cd_6668a7ea60794b41be86f3fc61374771.pdf?index=true (in PDF document text)
- https://s3.amazonaws.com/zalomi/virujaxi.pdf (in PDF document text)
- https://s3.amazonaws.com/sonutopexaramuf/xowunifebudakerasiro.pdf (in PDF document text)
- https://451cdc1f-766e-44a1-8a9d-f9db2ecad5ed.filesusr.com/ugd/0f0d48_fb92f98d606f4ad88271c491af8bc6fd.pdf?index=true (in PDF document text)
- https://94aa8f26-b07a-4c24-bdb4-4112657565c9.filesusr.com/ugd/37428b_13ca7513613349da9e32e6f8139df831.pdf?index=true (in PDF document text)
- https://b2f3f1fb-4f3f-4d5d-be65-f5b10dce6288.filesusr.com/ugd/735189_b1bf3e6df22444b2889df91c2e5e395e.pdf?index=true (in PDF document text)
- https://c906085e-155d-420a-9284-418053e299e9.filesusr.com/ugd/12745a_6c4b2552f8624c93b2b9fc274f016ba4.pdf?index=true (in PDF document text)
- https://s3.amazonaws.com/fosawef/atmel_atmega8_datasheet.pdf (in PDF document text)
- http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
- http://purl.org/dc/elements/1.1/ (in PDF document text)
- http://ns.adobe.com/pdf/1.3/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
- http://scripts.sil.org/OFL (in PDF document text)
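The three structural heuristics above (PDF_URI / EMBEDDED_URL, PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL) are easy to reproduce on a raw PDF blob. The script below is an added example written for this page, not the analyzer's own code: it scans a constructed sample PDF for /URI link annotations, scores host clustering the way a link-farm rule would, and reports every object number that is defined twice with different bodies together with what a first-wins and a last-wins reader would each resolve. The thresholds, the `.example` host names and the sample file are assumptions made for the example.

```python
"""Toy re-implementation of three PDF triage heuristics: PDF_URI / EMBEDDED_URL,
PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL.
Thresholds, host names and the sample PDF are constructed for this example."""
import re
from collections import Counter, defaultdict
from urllib.parse import urlparse

# Constructed sample: seven /Link annotations, six of them on one host, and object 5
# (the catalog's /OpenAction) defined twice: a benign /GoTo in the original body and a
# JavaScript action in an appended incremental update.
LINK_HOSTS = ["midufefew.example"] * 6 + ["cdn.example.org"]


def _link_annot(num: int, host: str) -> bytes:
    return (f"{num} 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
            f"/A << /S /URI /URI (https://{host}/award?keyword=book+{num}) >> >>\nendobj\n").encode()


SAMPLE_PDF = (
    b"%PDF-1.4\n"
    + b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >>\nendobj\n"
    + b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    + b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Annots [10 0 R 11 0 R 12 0 R 13 0 R 14 0 R 15 0 R 16 0 R] >>\nendobj\n"
    + b"5 0 obj\n<< /S /GoTo /D [3 0 R /Fit] >>\nendobj\n"
    + b"".join(_link_annot(10 + i, host) for i, host in enumerate(LINK_HOSTS))
    + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
    # Appended incremental update: same object number, different body, active content.
    + b"5 0 obj\n<< /S /JavaScript /JS (app.launchURL(\"https://midufefew.example/award\", true)) >>\nendobj\n"
    + b"trailer\n<< /Root 1 0 R /Prev 0 >>\n%%EOF\n"
)

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")  # literal strings only; hex strings and escapes are not handled
ACTIVE_KEYS = (b"/JS", b"/JavaScript", b"/Launch", b"/SubmitForm", b"/ImportData")


def parse_objects(pdf: bytes) -> dict:
    """Map (number, generation) -> every body defined for it, in file order.
    Toy scanner: it ignores object streams and 'endobj' inside stream data."""
    objs = defaultdict(list)
    for m in OBJ_RE.finditer(pdf):
        objs[(int(m.group(1)), int(m.group(2)))].append(m.group(3).strip())
    return dict(objs)


def extract_uri_links(pdf: bytes) -> list:
    """PDF_URI / EMBEDDED_URL: URLs reached through /URI actions (link annotations)."""
    return [m.group(1).decode("latin-1") for m in URI_RE.finditer(pdf)]


def link_farm_verdict(pdf: bytes, min_links: int = 5, cluster_ratio: float = 0.6,
                      max_size: int = 64 * 1024) -> dict:
    """PDF_SEO_LINK_FARM: small file, many clickable links, most of them on one host.
    The three thresholds are assumptions for this example."""
    urls = extract_uri_links(pdf)
    hosts = Counter(urlparse(u).hostname or "" for u in urls)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    ratio = top_count / len(urls) if urls else 0.0
    flagged = len(pdf) <= max_size and len(urls) >= min_links and ratio >= cluster_ratio
    return {"links": len(urls), "top_host": top_host,
            "cluster_ratio": round(ratio, 2), "flagged": flagged}


def duplicate_object_findings(pdf: bytes) -> list:
    """PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: same object number, different bodies.
    Reports what a first-wins and a last-wins reader would each resolve; severity is
    raised only when one of the conflicting bodies carries active content."""
    findings = []
    for (num, gen), bodies in parse_objects(pdf).items():
        distinct = list(dict.fromkeys(bodies))  # keep order, drop byte-identical redefinitions
        if len(distinct) < 2:
            continue
        active = any(key in body for body in distinct for key in ACTIVE_KEYS)
        findings.append({"object": f"{num} {gen}", "definitions": len(bodies),
                         "first_wins": distinct[0].decode("latin-1"),
                         "last_wins": distinct[-1].decode("latin-1"),
                         "severity": "critical" if active else "info"})
    return findings


if __name__ == "__main__":
    print(link_farm_verdict(SAMPLE_PDF))
    for finding in duplicate_object_findings(SAMPLE_PDF):
        print(finding)
```

On the sample, the link-farm rule fires because six of the seven clickable links share one host, and object 5 is reported as critical: a reader that keeps the first definition opens the document on a harmless /GoTo, while a reader that honours the incremental update runs the JavaScript action. Real triage tooling has to resolve object streams, cross-reference tables and string escapes before this logic is trustworthy; the point here is the shape of the checks, not a production parser.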
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000efd3.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEFD3 | 5432 bytes | 73e417331c955097bb91b23b494cc2267a4716ebef9eaa58622d67b7ea839887 |
| font_01_sfnt_off00010248.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10248 | 11696 bytes | 7394fa5c81236623d26cc2f1f6514722e2a554d28630837fa3303c2118ffe5b1 |