MALICIOUS
Risk Score: 124
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.7523
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF is a non-clustered link farm on disposable hosting [medium, PDF_SEO_DISPOSABLE_LINK_FARM]: Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
- External URI [info, PDF_URI]: PDF contains an external URL action.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL https://kuzutuzo.ru/aws?utm_term=magic+bullet+vs+nutribullet+baby (PDF link annotation)