Verdict: MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is identified as malicious by ClamAV and a machine learning classifier, with heuristics indicating it contains a link farm and external URIs. The primary malicious URL, https://pelibifir.ru/award?keyword=natural+and+anthropogenic+sources+of+air+pollution+pdf, is likely used to redirect users to further malicious content or phishing pages. The PDF structure and embedded links suggest an attempt to disguise malicious activity under a seemingly legitimate document.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL https://pelibifir.ru/award?keyword=natural+and+anthropogenic+sources+of+air+pollution+pdf (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f46e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF46E | 5388 bytes | f73c2cb51a2415826f47478a388498c690dafae9bbe2642fa76351de639f9f7a |
| font_01_sfnt_off000106be.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x106BE | 10156 bytes | a6afaa948a48b814a396c640bfa5879f76ad77ce53dca1ba3545c0ca1e5357a0 |