MALICIOUS
Risk Score: 174
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF document is identified as malicious by ClamAV and an ML classifier, exhibiting characteristics of a phishing lure. It contains an image-only interface with a clickable action, designed to deceive users. The document also hosts a large number of external links, including a suspicious URL pointing to 'jacksth.ru', which likely serves as a landing page for malicious activity.
Machine Learning
- Nyx PDF Classifier malicious score 0.6386
Heuristics 5
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Image-only document with action trigger (screenshot lure) (medium, PDF_IMAGE_LURE): PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 50 KB. This is the typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://jacksth.ru/aws?utm_term=what+does+error+2+mean+on+blood+pressure+machine