MALICIOUS
Risk Score: 196
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 6
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Image lure linking to an SEO redirector (free-download phishing) [high, PDF_SEO_UTM_REDIRECTOR_LINK]
  PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- External URI [info, PDF_URI]
  PDF contains an external URL action
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://nipisod.ru/wix?keyword=animal+cell+coloring+worksheet+key (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000cecf.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCECF | 5248 bytes | a5bbda8683bf8ff542a15843afc0b73905dfe29459863f3f77ce0dd755126f63 |
| font_01_sfnt_off0000e07c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE07C | 10236 bytes | afff37ec55ea0822b5f186facafec8e51a292f38ebb50ae3d8f2d106d98ad4a9 |
| font_02_sfnt_off00010369.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10369 | 4324 bytes | 9f355172d696dda274cac500966718f112ce76951f19577ac4888987ea6471b2 |