MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a large number of external links, identified as a link farm, pointing to other PDF files. The primary URL, vilenefex.ru, suggests a lure related to 'raw food diet book pdf'. ClamAV and ML classifiers also flagged this PDF as malicious, indicating a phishing or malware distribution attempt. No scripts were extracted, but the structure suggests a phishing or content-luring attack.
Machine Learning
- Nyx PDF Classifier malicious score 0.8022
Heuristics 4
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://vilenefex.ru/award?keyword=raw+food+diet+book+pdf
- https://cdn.sqhk.co/verikiweneza/FihaNAk/malthusianismo_neomalthusianismo_e_reformista.pdf
- https://cdn-cms.f-static.net/uploads/4469353/normal_6030da6f60380.pdf
- https://cdn-cms.f-static.net/uploads/4419225/normal_602f6bb8e3c01.pdf
- https://cdn.sqhk.co/kekoseni/hjhiqgi/wuzuxebuxida.pdf
- https://cdn.sqhk.co/deloreba/L0XArge/nokia_sms_ringtone_for_iphone.pdf
- https://nasuzezigoma.weebly.com/uploads/1/3/4/5/134587751/sovisivitafo_puluwalujigo_visuzinufes.pdf
- https://cdn.sqhk.co/tijatabov/i8Djfid/dokus.pdf
- https://cdn.sqhk.co/juselivo/g7gh6ha/chennai_super_kings_match_fixtures.pdf
- https://cdn-cms.f-static.net/uploads/4459176/normal_603f3e2f5a107.pdf
- https://cdn.sqhk.co/moxinivo/gigdEif/murder_in_the_alps_energy_mod_apk.pdf
- https://cdn.sqhk.co/zogowefu/ghw4jiR/torifozazunepamixegidip.pdf
- https://rizedugo.weebly.com/uploads/1/3/1/4/131453818/penol-labamodipiz.pdf
- https://fagojature.weebly.com/uploads/1/3/3/9/133987822/derusulafosup.pdf
- https://cdn-cms.f-static.net/uploads/4413566/normal_5fd76f8b8f82e.pdf
- https://cdn.sqhk.co/remimidotomi/2iihijh/impossible_game_answers_find_the_needle.pdf
- https://cdn.sqhk.co/nudofarus/hihbdVS/nhl_standings_2015.pdf
- https://static.s123-cdn-static.com/uploads/4402938/normal_5fcc785387487.pdf
- https://cdn-cms.f-static.net/uploads/4380675/normal_6046625cbb541.pdf
- https://static.s123-cdn-static.com/uploads/4422168/normal_5feb07e51ad41.pdf
- https://static.s123-cdn-static.com/uploads/4374839/normal_5ff002f6cc810.pdf
- https://cdn-cms.f-static.net/uploads/4387921/normal_601325da1fd62.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://59cf682b-6680-4a08-8b8d-0472bab64ef7.filesusr.com/ugd/d7d6cd_a07e054d5adc43e997bf9930b0c92f13.pdf?index=true
- https://a4edf7fa-b057-49b5-8014-e5fd436fbef3.filesusr.com/ugd/c8b2c5_27ec3f09e2324f4faf6106e0e4360412.pdf?index=true
- https://8ed62699-7d02-4439-b935-4286882ef7d4.filesusr.com/ugd/229b11_9a6ce4c6f51c45d2a793a8aac0111061.pdf?index=true
- http://scripts.sil.org/OFL
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00010ccb.binf15ebe2add0c385d1bfe596b9dd0f407d63c663f5c91d6b618eebf347a61ced0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10CCB | 5032 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.