MALICIOUS
Risk Score: 144
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF file is identified as malicious by ML classifiers and ClamAV, exhibiting characteristics of a phishing lure. It contains an image-only design with a clickable action, typical for directing users to external URLs. The embedded URLs, such as 'https://jottigo.ru/award?keyword=barbados+slave+code+1661+pdf', are likely part of a link farm designed to obscure the final malicious destination.
Machine Learning
- Nyx PDF Classifier malicious score 0.8567
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Image-only document with action trigger (screenshot lure) [medium] PDF_IMAGE_LURE: PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 40 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
- Small PDF is a non-clustered link farm on disposable hosting [medium] PDF_SEO_DISPOSABLE_LINK_FARM: Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI [info] PDF_URI: PDF contains an external URL action
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL https://jottigo.ru/award?keyword=barbados+slave+code+1661+pdf