MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://resalured.ru/strik?utm_term=south+african+security+industry+market+analysis+pdf (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0001563f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1563F | 5544 bytes | dd0f1c62470a0e842b10962ee7212c0b106cc2dd4fd339b65ca1ce8edf0b7f2a |
| font_01_sfnt_off000168f2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x168F2 | 12080 bytes | c174bc206f3e317e718b1621014f2ec22625a486936368396f0d10eb1261b49f |
| font_02_sfnt_off000191dc.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x191DC | 4324 bytes | 7f6049e5011acf0e8581793f2bc2bb947aac2929fdb77abc318b2a6155c1ef71 |