Malware Insights
This PDF file was flagged by multiple heuristics, including ClamAV and an ML classifier, indicating malicious intent. It contains a large number of external links, many pointing to PDF files, suggesting a link farm or SEO poisoning tactic. One prominent URL, https://medvor.ru/pbw?utm_term=gta+chinatown+wars+mod+apk+obb+download, appears to be a lure for downloading game-related content, which is a common phishing pretext. Although no scripts were explicitly extracted, the PDF structure and embedded URI heuristics suggest it's designed to redirect users to malicious or deceptive content.
Machine Learning
- Nyx PDF Classifier malicious score 0.8553
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://medvor.ru/pbw?utm_term=gta+chinatown+wars+mod+apk+obb+download
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e0a5.bin 50b33b86631c4336a10471b073c5cd59d2b1674052171f3db42a050e2e72c48e | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE0A5 | 5640 bytes |