MALICIOUS
Risk Score: 172
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
This PDF file is identified as malicious by multiple heuristics and ClamAV, specifically flagging it as a phishing or trojan threat. The PDF employs an image-only lure, a common tactic to obscure clickable links. It contains a critical link to a known malicious redirector infrastructure at https://yafferge.ru/award?keyword=axis+bank+debit+card+charges+pdf, which is the primary indicator of malicious intent. The document's structure and the presence of a malicious URL strongly suggest it is used as a phishing lure or to deliver a secondary payload.
Machine Learning
- Nyx PDF Classifier malicious score 0.7134
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Image-only document with action trigger (screenshot lure) (medium, PDF_IMAGE_LURE): PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 46 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://yafferge.ru/award?keyword=axis+bank+debit+card+charges+pdf