MALICIOUS
182
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains multiple embedded URLs, with one specifically identified as a malicious redirector. The document body, though heavily obfuscated, contains text related to 'Snapple apple facts' and metadata indicating it was generated by wkhtmltopdf, suggesting a lure to a malicious site. The presence of a ClamAV detection for 'Pdf.Phishing.Trojan' further supports a phishing or malicious redirection attack pattern.
Machine Learning
- Nyx PDF Classifier malicious score 0.7499
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARMSmall PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://gettraff.ru/wb?keyword=snapple%20apple%20facts In PDF document text
- https://revugegan.weebly.com/uploads/1/3/4/6/134682990/jevaxozeketabu.pdfIn PDF document text
- https://vagipirisixo.weebly.com/uploads/1/3/4/8/134861957/b54487a4583f58.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4413347/normal_5fa27f180cbe3.pdfIn PDF document text
- https://wunabigoji.weebly.com/uploads/1/3/4/8/134891590/goxalupaneko.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4370542/normal_5f896d389e5fb.pdfIn PDF document text
- http://xuzekamusudis.iblogger.org/5200628997.pdfIn PDF document text
- https://xusalifur.weebly.com/uploads/1/3/4/1/134131705/donujan.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4453553/normal_5fc6f0c582db4.pdfIn PDF document text
- http://toxedajenoxin.66ghz.com/wallpaper_background_png.pdfIn PDF document text
- https://xalesuben.weebly.com/uploads/1/3/4/3/134368019/kumukixefaga.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4367642/normal_5fbe999d10cb7.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4421476/normal_5fc64aec7c8db.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4424683/normal_5fd673d6ebb72.pdfIn PDF document text
- http://dilalixurapa.epizy.com/wowib.pdfIn PDF document text
- http://gugamofizuxeg.epizy.com/95066943114.pdfIn PDF document text
- http://wuzuvulas.epizy.com/pulse_secure_ssl_vpn_client.pdfIn PDF document text
- http://loluxemo.epizy.com/saint_seiya_awakening_apk_data.pdfIn PDF document text
- http://xamipekuxedatif.rf.gd/assam_tet_exam_question_and_answer.pdfIn PDF document text
Open this report in the interactive analyzer, or submit your own file for analysis.