MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9952
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://leonvi.ru/strik?utm_term=why+does+he+do+that+by+lundy+bancroft (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000dbdc.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDBDC | 5200 bytes | 597a5f80feed7f710ae88b97ad751c21006f2a83d2ce47e51c3321d9a56f3e3c |
| font_01_sfnt_off0000ed91.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xED91 | 11872 bytes | 8528fcaf86a9af9c99ef95f9eb0d8711faaff97b1cc7c25a7df065b80b4c0c79 |
| font_02_sfnt_off000112ce.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x112CE | 4324 bytes | 0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333 |