MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains numerous external links, many of which are benign, but one points to a suspicious URL that appears to be part of a link farm. ClamAV and ML classifiers flagged this PDF as malicious, specifically as a phishing trojan. The presence of embedded URLs and the heuristic firing for a 'PDF_SEO_LINK_FARM' suggest a phishing attempt designed to redirect users to malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL: https://resalured.ru/strik?utm_term=hp+laserjet+p1102+user+manual (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000ea1e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEA1E | 5328 bytes |
| SHA-256: 56ef0c5e64551dbc868588678e5bd778e52b1c4586f7371569182971598746b6 | | | |
| font_01_sfnt_off0000fc2b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFC2B | 10520 bytes |
| SHA-256: 1d55677861ad4ea9e13450df21339566ab0e4b834493a159348271c2a1904290 | | | |