MALICIOUS
Risk Score: 76
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF document contains a lure related to 'Segundo viaje de cristobal colon' and an embedded URI pointing to an SEO redirector. This suggests a phishing attempt to lure users into downloading a malicious file. The ML classifier strongly indicates maliciousness, and the presence of an external URI further supports this assessment.
Machine Learning
- Nyx PDF Classifier malicious score 0.9994
Heuristics 4
- Image lure linking to an SEO redirector (free-download phishing) [high] PDF_SEO_UTM_REDIRECTOR_LINK: PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- External URI [info] PDF_URI: PDF contains an external URL action.
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://vilenefex.ru/wix?keyword=segundo+viaje+de+cristobal+colon (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0001c679.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1C679 | 5488 bytes | 82a8ed2536a3bbee077d9907926d8596412f18844566423d94833011dbb08529 |
| font_01_sfnt_off0001d93a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1D93A | 12644 bytes | 41fdc0e9aa7d00191a0d00debcdfcbc0e3dbdaf56bbb52e9461c678350d48658 |