MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF was flagged by ClamAV as Pdf.Phishing.Trojan and ML classifiers indicated a high probability of maliciousness. The heuristic PDF_SEO_LINK_FARM indicates the presence of a mass external PDF link farm, with the primary malicious URL being https://gimoguvi.ru/strik. This suggests the document's purpose is to lure users to potentially malicious sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL
- https://gimoguvi.ru/strik?utm_term=10+security+domains+of+the+%2528isc%25292+cissp+common+body+of+knowledge+%2528cbk%2529 PDF link annotation
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000fdfe.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFDFE | 6352 bytes | e0e976871f16ca58be1c955adc3709173d54e87775b74c844042f637fa4ab96f |
| font_01_sfnt_off00011399.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11399 | 11560 bytes | d86da1f6f5951c2a969e1aaaad45f0a80f92512bcbb3247066c8e67790086cc8 |