MALICIOUS
Risk Score: 136
Machine Learning
- Nyx PDF Classifier malicious score 0.6933
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 | critical | CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Image lure linking to an SEO redirector (free-download phishing) | high | PDF_SEO_UTM_REDIRECTOR_LINK
  PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector, the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- External URI | info | PDF_URI
  PDF contains an external URL action
- Object number defined twice with different bodies | info | PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL | info | EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0004c9ee.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4C9EE | 10492 bytes | 48f1e0c3750a27e7b5515975ba51df07561773e976febfe8c03857d507214a11 |
| font_01_sfnt_off0004e153.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4E153 | 16376 bytes | db852ca2637df86915bb64d2a0ca4b4979ef788ff620d29a16c3929b9af6bbe9 |
| font_02_sfnt_off00050c32.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x50C32 | 16416 bytes | cfa2c3fbce80cc5607e01af033b793d17c57c214fb1d96e845eedea48cccd336 |