MALICIOUS
Risk Score: 126
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF document uses a lure related to fishing to disguise its malicious intent. It contains numerous embedded URLs pointing to disposable domains, indicating a phishing or scam attempt. The ML classifier and ClamAV detection strongly suggest maliciousness, likely related to phishing campaigns.
Machine Learning
- Nyx PDF Classifier malicious score 0.9967
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (severity: critical, rule: CLAMAV_DETECTION)
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF is a non-clustered link farm on disposable hosting (severity: medium, rule: PDF_SEO_DISPOSABLE_LINK_FARM)
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (severity: info, rule: PDF_URI)
  PDF contains an external URL action
- Object number defined twice with different bodies (severity: info, rule: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (severity: info, rule: EMBEDDED_URL)
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://kuzutuzo.ru/strik?utm_term=how+to+rig+shrimp+for+redfish (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00012787.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12787 | 5264 bytes | 6613561d7256e5aa23841d78a461ffa4460470987c4871c05c3cc968e4929c05 |
| font_01_sfnt_off0001395c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1395C | 10888 bytes | 925e4350cc8f35da6cce426a954a66043b41ab137d8af73eae80b796880e57a3 |