Verdict: MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains a large number of external links, identified as a "PDF_SEO_LINK_FARM" heuristic, suggesting a malicious intent to redirect users. The ClamAV detection and ML classifier also indicate maliciousness, specifically flagging it as a "Pdf.Phishing.Trojan". While no scripts were explicitly extracted, the presence of embedded URLs and the nature of the heuristics point towards a phishing or malicious redirection scheme, likely delivered as a spearphishing attachment.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9524
Heuristics (4)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (1)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0001178c.bin (hash edfeb991c357d7761caded274a1d75c02a1748b2d223a7e67f6c9c9980567400) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1178C | 5360 bytes |