MALICIOUS
156
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains numerous external links, many pointing to potentially malicious domains, as indicated by the 'PDF_SEO_LINK_FARM' and 'PDF_URI' heuristics. The ML classifier and ClamAV detection strongly suggest malicious intent, likely phishing or malware distribution. Although no scripts were extracted, the structure and heuristics point towards a malicious document designed to redirect users to harmful content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://pelibifir.ru/strik?utm_term=worksheet+on+cell+division+part+1+cell+cycle+and+mitosis+answer+key PDF link annotation
- https://vamepaxokuwi.weebly.com/uploads/1/3/5/9/135959455/52c9ba.pdfIn PDF document text
- https://wopurosifagup.weebly.com/uploads/1/3/5/3/135333772/7996262.pdfIn PDF document text
- https://bugasidajuw.weebly.com/uploads/1/3/1/8/131856032/sokitederik.pdfIn PDF document text
- https://vibejatixulaxa.weebly.com/uploads/1/3/4/1/134131444/2f020db.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://s3.amazonaws.com/sutawowirosuvuv/mapakaworujepixo.pdfIn PDF document text
- https://s3.amazonaws.com/jupoti/completion_report_format.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/e4c52afe-35bb-47d2-b09a-b4785926a327/88071108865.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/14c59732-f189-444c-8855-7cc0e975ca86/attack_on_titan_season_4_episode_3_full_video.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/8860d417-4af9-4fd1-8422-88b718c9a27b/59922318400.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/5b7c5f87-b716-4d28-b883-e2dbb62bdd91/29773383478.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/02633a14-c6a4-4007-8e8b-1d537815bcf7/kenmore_80_series_washer_problems.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/d0891e78-96f4-4c14-9c1b-9444377f2f15/vigoluradafuw.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/f199fee4-2c46-46f3-9633-a547921d1b37/sisters_book_by_raina_telgemeier_summary.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/70210eaf-89bb-4004-bc17-3d0bccd008a2/sony_hbd-tz140_price.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/451503b8-f706-455f-b63d-7163390eb474/popular_culture_is_rapidly_diffused_around_the_world_by.pdfIn PDF document text
- https://s3.amazonaws.com/bitajemisajoz/2432373315.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/f9f4da0a-076d-498d-b645-6bb5fda3177e/bose_qc15_replacement_earpads.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/6873fd97-291f-4eba-9c44-fae084b2987f/39915823605.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/75f6e422-9a60-48b1-88d7-b885ac27cf43/vegabotavazu.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/79e7b814-27fe-4e4f-b9a3-018aa667ce48/every_other_day_diet_blog.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/dc137d42-8690-4fee-9c3e-368d71f5188c/cen-tech_multimeter_61593.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/d371c125-a59e-4ad3-a35f-9d12e96230f0/what_is_news_article_format.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000f7ca.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF7CA | 5696 bytes |
SHA-256: e482e7651b2a81f8293b157aadd692defefd72d80a7057ae6241c0da84969adc |
|||
font_01_sfnt_off00010b25.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10B25 | 9936 bytes |
SHA-256: 5b88d8a415f0cbc15592b00e5a47779e2e1c8775a314738b66181f66e8280258 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.