MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains numerous external links, with a critical heuristic identifying a link farm. One prominent URL, 'https://traffset.ru/123?utm_term=minecraft+barrier+block+command+pe', suggests a lure related to Minecraft commands to attract users. The ClamAV detection and ML classifier strongly indicate malicious intent, likely phishing or a scam. No scripts were extracted, but the structure and link farm point towards a malicious document designed to redirect users to potentially harmful sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://traffset.ru/123?utm_term=minecraft+barrier+block+command+pe (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000cb7b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCB7B | 5332 bytes | 08356c1efaf71357617d17f98da681c03541f9473822f6e294811680f08a9945 |
| font_01_sfnt_off0000dd93.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDD93 | 10628 bytes | a58b3166ad60287b53d659f876fb33209317e768bcf63a2e4fb9311e80548fd5 |