Verdict: MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was flagged by ClamAV as a phishing trojan and ML classifiers indicated a high probability of maliciousness. The heuristic 'PDF_SEO_LINK_FARM' indicates the presence of a large number of external links, with the primary observed URL being zajinet.ru. The document body, though heavily obfuscated, contains references to 'Intellij idea book pdf' and 'wkhtmltopdf', suggesting a potential lure for users searching for technical content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI [info, PDF_URI]: PDF contains an external URL action
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs
- https://zajinet.ru/aws?utm_term=intellij+idea+book+pdf (PDF link annotation)
- https://cdn.sqhk.co/pujixefan/hhhjhc6/jeepers_creepers_full_movie_480p.pdf (in PDF document text)
- https://cdn.sqhk.co/rolekixawute/ikEijZr/mazisibefezo.pdf (in PDF document text)
- https://pukibasobudez.weebly.com/uploads/1/3/1/3/131379944/818c9f79aefc.pdf (in PDF document text)
- https://cdn.sqhk.co/bivakidu/mijhehi/lagune_1_arbeitsbuch_answers.pdf (in PDF document text)
- https://cdn.sqhk.co/bapuwanuvadi/ggjjgjc/flip_30_goal_zero.pdf (in PDF document text)
- https://retumitoratosu.weebly.com/uploads/1/3/4/2/134234586/wivisufelufuj.pdf (in PDF document text)
- https://valuzobuxile.weebly.com/uploads/1/3/2/7/132711949/sodoven-zukugokofuvat-zuget-wuzizib.pdf (in PDF document text)
- https://cdn.sqhk.co/wesuwajil/jXhh9ib/pasobixutiwofikojivijuwi.pdf (in PDF document text)
- https://fiwigerisen.weebly.com/uploads/1/3/1/4/131408459/1777312.pdf (in PDF document text)
- https://newadagunezadev.weebly.com/uploads/1/3/4/6/134684801/160839b45700.pdf (in PDF document text)
- http://www.ascendercorp.com/ (in PDF document text)
- http://www.ascendercorp.com/typedesigners.html (in PDF document text)
- https://s3.amazonaws.com/galinikagopit/vogovasezus.pdf (in PDF document text)
- https://43a2ba88-5de9-465b-b95f-6a4d82f2d06e.filesusr.com/ugd/dcbeda_f2554c2edbde4e68902b71a65605337d.pdf?index=true (in PDF document text)
- https://uploads.strikinglycdn.com/files/105f2906-783f-421d-92ac-91c10c5e72b3/metodologia_dela_investigacion_cientifica_sampieri.pdf (in PDF document text)
- https://s3.amazonaws.com/satulibaren/seviwufip.pdf (in PDF document text)
- https://s3.amazonaws.com/tibanepoxilibud/mejorozojosawu.pdf (in PDF document text)
- https://883cd1dc-02d0-4059-8fa2-99201f92b631.filesusr.com/ugd/6166c9_50c061621b66410997a2b792cfc6a2e0.pdf?index=true (in PDF document text)
- https://s3.amazonaws.com/megelugik/31374468326.pdf (in PDF document text)
- https://88749095-6fd7-453f-8e8a-15b48fe47dd1.filesusr.com/ugd/e4d7df_0ea24a94fa684fc5bf7c476e81a2e545.pdf?index=true (in PDF document text)
- https://uploads.strikinglycdn.com/files/c4cc4844-5468-4fd8-b6f0-f0d43dd36450/gilmour_lawn_sprinkler_repair.pdf (in PDF document text)
- https://s3.amazonaws.com/nitatotol/74586860494.pdf (in PDF document text)
- https://s3.amazonaws.com/xijalovelokolep/ajax_form_post.pdf (in PDF document text)
- https://f8ba888e-8f71-4fde-8303-550399648f4e.filesusr.com/ugd/17ce20_5b1fb941ebd64a9ea76adb9bfe40efdc.pdf?index=true (in PDF document text)
- https://14535e1a-360a-4d01-a655-fa33e115c80e.filesusr.com/ugd/b222ea_df104de16e724d0bac52c3e69982cfca.pdf?index=true (in PDF document text)
- https://s3.amazonaws.com/purawuma/81230427329.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/8989edea-11e3-4a69-84ee-0c8b0e3cbeae/84268717644.pdf (in PDF document text)
- http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
- http://purl.org/dc/elements/1.1/ (in PDF document text)
- http://ns.adobe.com/pdf/1.3/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
- http://scripts.sil.org/OFL (in PDF document text)
Extracted artifacts (2)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000130af.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x130AF | 4980 bytes | 636d2b776457f4318aac12d3b61d03a5076c56ef69b2206439a9ffbdedc8e434 |
| font_01_sfnt_off000141b7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x141B7 | 15544 bytes | 4d845de0ee1e059418c38fcee718c918f0004fb2ba598b514c0a0a41f98aa6bb |