Verdict: MALICIOUS
Risk Score: 242
Machine Learning
- Nyx PDF Classifier malicious score 0.7771
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000eda9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEDA9 | 5396 bytes |
| SHA-256: 94fa41f07838148defd1a712e6d908981bc346fbc4004d1ab0847ecd13a34262 | | | |
| font_01_sfnt_off0000ffef.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFFEF | 10184 bytes |
| SHA-256: ad3add34d1e718b2196fef838b03300656da98d52837d66ea11a7c21bc022599 | | | |