MALICIOUS
Risk Score: 124
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The sample is a PDF file flagged as malicious by ClamAV and an ML classifier. It contains an embedded URI pointing to a suspicious domain, philabc.ru, which is likely used for phishing or to host a malicious payload. The PDF's structure and embedded links suggest it is part of a link farm designed to obscure the true destination.
Machine Learning
- Nyx PDF Classifier malicious score 0.9948
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://philabc.ru/pbw?utm_term=alice+in+wonderland+full+text+pdf (PDF link annotation)