MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a link to a known malicious redirector, identified by the 'PDF_MALICIOUS_REDIRECTOR_LINK' heuristic. The ML classifier and ClamAV also flagged this PDF as malicious, indicating a phishing or trojan payload. The embedded URL is the primary indicator of malicious intent, likely leading to a phishing page or malware download.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000e876.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE876 | 5432 bytes | 55c00c90ac0420611d38f834a4a84b05ac103dc91ce9ce0a352cb5e66b0f8241 |
| font_01_sfnt_off0000fac4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFAC4 | 10656 bytes | 4568a99d2ff4d08329139c9f91782eea1dcf0e2537b63e3b049117d267ff26bd |
| font_02_sfnt_off00011f44.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11F44 | 4324 bytes | 0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333 |