MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file contains numerous external links, suggesting it is part of a link farm designed to manipulate search engine results or redirect users to malicious sites. The heuristic 'PDF_SEO_LINK_FARM' indicates a high volume of such links, and the presence of an external URI points to a specific redirection target. While no scripts were explicitly extracted, the nature of the PDF and the numerous URLs strongly suggest a phishing or redirection attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9990
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://zajinet.ru/award?keyword=adjetivos+demostrativos+ingles+pdf (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f04d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF04D | 5484 bytes | 85e117ba9d309965b9e8e1c206a5b515ac2f29c6a1a25fe74bc4caf168eaf29d |
| font_01_sfnt_off000102ef.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x102EF | 12192 bytes | 036bbd692e27db34530cbff42c941def8acc70336dff8a05cdddb4b95da18822 |
| font_02_sfnt_off00012a5e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12A5E | 16204 bytes | c988415812f594187b0a0ed75dc52802e798e1695b49bd300f8412a65040a449 |