MALICIOUS
156
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9990
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://nipisod.ru/wix?keyword=senran+kagura+estival+versus+ps4+trophy+guide PDF link annotation
- https://cdn.sqhk.co/fekurisakez/balBpPm/bass_pro_shop_bowling_memphis.pdfIn PDF document text
- https://cdn.sqhk.co/jipodipotaj/4Khb7j3/41042334486.pdfIn PDF document text
- https://cdn.sqhk.co/xifinelire/hhHhjgd/her_story_book.pdfIn PDF document text
- https://cdn.sqhk.co/nomelafu/D8eNQjg/callaway_mavrik_standard_driver_review.pdfIn PDF document text
- https://cdn.sqhk.co/nozelenid/je2dhhZ/braveland_pirate_apk_obb.pdfIn PDF document text
- https://cdn.sqhk.co/mezewimaxus/Dgieges/24434790743.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/6ab0dd96-9d01-4733-8d95-27f12ada47ab/release_ip_address_verizon_fios_router.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/f82f80d3-7f1b-473a-b812-47ca0d40ea4e/xirizatowulojutemejirina.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/bb11f387-0c69-419d-854f-0cc5ea337566/norilugom.pdfIn PDF document text
- https://ce83042b-5faf-46b5-bcbb-9b4d05ec7d33.filesusr.com/ugd/a31856_d68130aa41644ae193946a7a17fb9790.pdf?index=trueIn PDF document text
- https://s3.amazonaws.com/pisik/biketejusaxu.pdfIn PDF document text
- https://s3.amazonaws.com/desenaz/pibobovovetakunuwe.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/34fbc177-9461-4bed-9841-167f5b66d592/lumurosu.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/ff48c5dd-d7bc-4683-b0d2-8b92bafd1d0b/1435906735.pdfIn PDF document text
- https://3f5765b5-411c-4b28-96d1-a1e3b219bcee.filesusr.com/ugd/ca847e_cf848da853dc4309854d2fe1b3ef047b.pdf?index=trueIn PDF document text
- https://uploads.strikinglycdn.com/files/b5072910-a9bd-486d-8359-f8385da9e26f/tokyo_ghoul_season_2_episode_1_plot.pdfIn PDF document text
- https://s3.amazonaws.com/wovugi/70506958594.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/719ad37e-7ff1-4dc6-b4c6-ccd5d7e798e3/american_stories_a_history_of_the_united_states_volume_2_3rd_edition.pdfIn PDF document text
- https://s3.amazonaws.com/bubisifapagefe/anatomia_cara_y_cuello.pdfIn PDF document text
- https://s3.amazonaws.com/pukaridimupo/cash_flow_analysis_form_1084.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/5b201f64-b3fa-497b-adf2-88ba879ad94c/38201073757.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/152297a7-53b8-4110-a6b2-d94826cd6adb/how_often_to_replace_wahl_clipper_blades.pdfIn PDF document text
- https://71bfc0c6-4bef-405a-aee6-9e9dcaab3d12.filesusr.com/ugd/708cfd_f8eb83c5383d4cf58e86301f8565e0c0.pdf?index=trueIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
- http://dejavu.sourceforge.netIn PDF document text
- http://dejavu.sourceforge.net/wiki/index.php/LicenseIn PDF document text
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00011407.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x11407 | 5640 bytes |
SHA-256: cb83180d06f8618e812572f3ea69e63d21a07df9bc295846156882684540f3de |
|||
font_01_sfnt_off00012749.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x12749 | 10956 bytes |
SHA-256: d45f87cff516d6798d25414b6a9b00b2a4f6b7931840c805718c69a8f8f796c2 |
|||
font_02_sfnt_off00014cc8.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x14CC8 | 16092 bytes |
SHA-256: c9557d91917e40dbb2ce09b7ef560a04a9a832ffe2ebcac6b50408a58351272e |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.