MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9995
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://ponafet.ru/award?keyword=calentador+solar+manual+pdf (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_004_off000128b9.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x128B9 | 18288 bytes | dc2419fe7139121655b2888f4714ed09dfe6f7a4bf9c0dab5c10a8cba2360289 |
| font_00_sfnt_off0000ef3a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEF3A | 5092 bytes | ad6991d9c3f3cefc15ffbb1bdb7f38ca5b09098dab1560957a92f8b79a4ed1e7 |
| font_01_sfnt_off0001006e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1006E | 12248 bytes | 6defc80146b33c3dcda4a477261c78780c7d39dfd147e67b6cc4027fb07b89bd |