MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was flagged by ML classifiers and ClamAV as malicious, specifically as a phishing trojan. It contains a large number of external links, many pointing to PDF files hosted on strikinglycdn.com and weebly.com, suggesting a link farm or redirection mechanism. One of the primary external links, 'https://resalured.ru/strik?utm_term=a+wrinkle+in+time+graphic+novel+read+online', indicates a lure related to online content, likely to deceive users into visiting malicious sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://resalured.ru/strik?utm_term=a+wrinkle+in+time+graphic+novel+read+online (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000ee33.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEE33 | 5516 bytes | d07bb8597f283eecd6c847a19af15b310deb1ffc700862b50da968c059be50c8 |
| font_01_sfnt_off000100e6.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x100E6 | 11168 bytes | cceef2f9a05336d7162bbca09b98f7453fab46f6eb2b2871b93edcabdb80ccca |