MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains numerous external links, with heuristics indicating a link farm designed to direct users to potentially malicious sites. ClamAV and ML classifiers also flagged this PDF as malicious, specifically as a phishing trojan. The presence of embedded URLs and the heuristic 'PDF_SEO_LINK_FARM' strongly suggest an attempt to redirect users to external resources for malicious purposes.
Machine Learning
- Nyx PDF Classifier malicious score 0.9742
Heuristics 5
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- PDF differential parser failed (info, PDF_DIFFERENTIAL_PARSE_FAILED): The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f659.bin 5eb0b76cdbf2ab7ef273dfb4d7eeec87019f10f024c80d155b3d2732aff5d598 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF659 | 5396 bytes |
| font_01_sfnt_off000108b0.bin ecc52f431b9858603f0464da8efbba51a1a1cea51aa963857fac0b3ce88f9060 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x108B0 | 11864 bytes |