Verdict: MALICIOUS
Risk Score: 182
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a link to a known malicious redirector, indicating an attempt to direct the user to a malicious site. The document body, though heavily obfuscated, includes a search query related to 'Samsung smart tv universal remote setup not working', suggesting a lure to trick users into clicking the malicious link. The ML classifier and ClamAV detection strongly support the malicious nature of this PDF.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9855
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
- Embedded URL info (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://dafemum.ru/aws?utm_term=samsung+smart+tv+universal+remote+setup+not+working (in PDF document text)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000e33a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE33A | 5460 bytes | 5e828020c9389ab5850c9352b18f4dd20668992d08fcc1f8c1e21fdeb8d012c0 |
| font_01_sfnt_off0000f5c8.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF5C8 | 10236 bytes | f53042a679cc1a8954cf589c8d2c41ee4a96b3b0e77223fb42d66580e6d29650 |