MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a large number of external links, many pointing to PDF files, suggesting a link farm or SEO manipulation tactic. The ClamAV detection and ML classifier strongly indicate malicious intent, specifically identified as a phishing trojan. The embedded URLs likely serve as the initial point of contact for a malicious download or redirection.
Machine Learning
- Nyx PDF Classifier malicious score 0.9830
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://philabc.ru/pbw?utm_term=writing+word+equations+worksheet+answers
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e92d.bin 958ba8fd23252f1914259e2c732fe24196ca8788f324abbdb297b33d48feb492 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE92D | 5348 bytes |