MALICIOUS
156
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9992
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://golowaki.ru/strik?utm_term=wil+yeung+vegan+ramen+cookbook+pdf PDF link annotation
- https://cdn.sqhk.co/vubiwete/iagihcO/granny_square_blanket_instructions.pdfIn PDF document text
- https://cdn.sqhk.co/pofifarim/3ii7KAO/fun_games_unblocked_zombs_royale.pdfIn PDF document text
- https://marajudalade.weebly.com/uploads/1/3/1/4/131438096/zapuludetux.pdfIn PDF document text
- https://cdn.sqhk.co/gofelaxes/ToieUig/lofagozej.pdfIn PDF document text
- https://detimuveruriwus.weebly.com/uploads/1/3/1/8/131872178/zaxureg_leputofujazikem_fulumakubigudat_derixar.pdfIn PDF document text
- https://cdn.sqhk.co/nexoratuxi/hijhbhf/blog_de_libros_romnticos.pdfIn PDF document text
- https://cdn.sqhk.co/juvanejejuwo/aZotFGG/yakima_theatres_gift_card_balance.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/7a755c4a-f58d-4053-aa7f-62e2b6c74bec/34345679612.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/58116493-cdc8-4b7a-b869-b188b23b8309/bissell_powerlifter_powerbrush.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/4a38f20b-db9e-4889-9fa2-24161daeefd1/blackmagic_design_atem_mini_pro_tutorial.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/e4d68ecf-860c-44aa-9219-eeca68ee3aec/pofatogoge.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/50859357-aedd-41b5-b408-baebdc33210b/maquina_de_costura_brother_ce_4000_usadas.pdfIn PDF document text
- https://36622f5a-5a1b-41a5-aa98-965156e47ac2.filesusr.com/ugd/804ff6_0a234f82e0b2406497cbcaff2bc38804.pdf?index=trueIn PDF document text
- https://uploads.strikinglycdn.com/files/85d5b2cb-3c40-4dfb-8881-98fcbbc4adbc/70914003761.pdfIn PDF document text
- https://86146b48-cf95-488a-b5a0-22832f4589a6.filesusr.com/ugd/3b4eee_5c8a0d7236664528bb6c1045f838da47.pdf?index=trueIn PDF document text
- https://9b08d158-0e0f-4203-9b31-e1272d977b1c.filesusr.com/ugd/086daf_89a5bd6611954364812e11652b20dfdd.pdf?index=trueIn PDF document text
- https://uploads.strikinglycdn.com/files/62954eef-c27a-4e09-be3b-9c7cf11f0263/6321371505.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/9fa4131f-93f2-4817-a064-946dbf85985f/32460730442.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/280b2086-4b6d-44ea-b59d-229a8aca8cd1/bolapivu.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/5989deab-5802-4c60-bb64-67df8e6b2149/32702259443.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/d5f83dd0-ce5b-4cfa-aada-ea13f6284f93/the_adventures_of_sherlock_holmes_tv_series_season_1.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
- http://dejavu.sourceforge.netIn PDF document text
- http://dejavu.sourceforge.net/wiki/index.php/LicenseIn PDF document text
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00010774.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10774 | 5676 bytes |
SHA-256: 576e223f53dc6ddeeab947cc1205f3f7bc03cc30a7f7d5304476d8be460d2e92 |
|||
font_01_sfnt_off00011ac6.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x11AC6 | 5120 bytes |
SHA-256: c96d85e4d8e9f375d6c3f95f237fc127a697ba3c86683cde18601da37451c5e5 |
|||
font_02_sfnt_off000128ee.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x128EE | 11572 bytes |
SHA-256: f796bfa5e396c563a9860ed5f1e4b26f3dd7c92124ae7183a7e76f20841943d6 |
|||
font_03_sfnt_off00015055.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x15055 | 16664 bytes |
SHA-256: 2ad542df69f5018ee5b438ce5ab51913d1761e4886a2d3e7d83c74de86a029f9 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.