MALICIOUS
Risk Score: 232
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
This PDF file is identified as malicious by multiple heuristics, including a critical alert for malicious redirector links and a ClamAV detection. The document is an image-only lure, typical of phishing, designed to trick users into clicking a link. The primary malicious URL identified is https://yafferge.ru/strik. The presence of numerous external PDF links suggests a link farm, further indicating malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.8706
Heuristics 5
- PDF links to known malicious redirector infrastructure [critical, PDF_MALICIOUS_REDIRECTOR_LINK]: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Image-only document with action trigger (screenshot lure) [medium, PDF_IMAGE_LURE]: PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 61 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://yafferge.ru/strik?utm_term=why+is+my+water+heater+constantly+running