MALICIOUS
Risk Score: 194
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
Heuristics indicate that the PDF is a malicious redirector and phishing attempt, specifically using a lure about 'community health centers pinellas county fl'. The primary malicious URL identified is https://yafferge.ru/strik?utm_term=community+health+centers+pinellas+county+fl, which is flagged as a known malicious redirector. The ML classifier and ClamAV detection strongly support its malicious nature.
Machine Learning
- Nyx PDF Classifier malicious score 0.9960
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Image lure linking to an SEO redirector (free-download phishing) (high, PDF_SEO_UTM_REDIRECTOR_LINK): PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector, the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://yafferge.ru/strik?utm_term=community+health+centers+pinellas+county+fl (in PDF document text)
  - https://cdn.sqhk.co/dowivita/enWZIsJ/green_panda_bamboo.pdf (in PDF document text)
  - https://cdn.sqhk.co/mubogasaven/fwgiRYQ/34643993546.pdf (in PDF document text)
  - https://cdn.sqhk.co/mozigizax/AggWAiF/dazevate.pdf (in PDF document text)
  - https://cdn.sqhk.co/divojimo/hevOheA/9539572282.pdf (in PDF document text)
  - https://cdn.sqhk.co/xubuzivo/ghjh2gj/a1_size_cardboard_sheets.pdf (in PDF document text)
  - https://cdn.sqhk.co/fapetemiji/kijghhg/occupational_therapy_schools_online.pdf (in PDF document text)
  - https://cdn.sqhk.co/fepogosu/ifggSib/simple_and_clean_piano_sheet_music.pdf (in PDF document text)
  - https://cdn.sqhk.co/vilitemeru/ihUhdWk/megan_is_missing_true_story_news.pdf (in PDF document text)
  - https://cdn.sqhk.co/vawapisoxe/wihasmg/messi_vs_ronaldo_free_kick_goals_statistics.pdf (in PDF document text)
  - http://www.ascendercorp.com/ (in PDF document text)
  - http://www.ascendercorp.com/typedesigners.html (in PDF document text)
  - https://uploads.strikinglycdn.com/files/08d569f9-f956-447d-9af6-5e7e31d7b587/19870073476.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/4e37c4cf-4c24-4979-9bcf-b823b60f7e0a/pdf_oxford_dictionary_english_to_urdu.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/7e5a7e56-64ce-452d-b74c-5a503b52a374/xodaligirumafawi.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/3cd19dcc-9f1e-4de6-acfc-84b76769fba4/15414479807.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/6544379d-a8bc-476d-9876-71c59d9b945f/how_to_quit_smoking_easy_and_fast.pdf (in PDF document text)
  - https://s3.amazonaws.com/tawosutosuxi/77859440846.pdf (in PDF document text)
  - https://s3.amazonaws.com/penale/macos_catalina_10._15_gm_seed.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/05b5c2f3-2e45-4152-9ca9-b3cf302d5677/resam.pdf (in PDF document text)
  - https://s3.amazonaws.com/tomaxade/30120600584.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/ae8a19d4-c6ec-4eac-ad73-d54aa63ac6f5/71677461831.pdf (in PDF document text)
  - https://s3.amazonaws.com/risisipajole/14551772726.pdf (in PDF document text)
  - https://s3.amazonaws.com/vigevot/customer_appreciation_certificates_templates.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/c5d817bb-d64b-4599-932b-756869914f6d/how_much_is_a_2000_watt_generator.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/de466395-b93a-4955-b816-eb3d77cf78c3/37098901228.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/8b37f97d-310f-46b1-b70b-1065a9bb6108/33956798468.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/6f7ae066-15d1-4a4e-9eef-b15a4c14752a/what_is_the_food_safety_act_uk.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/e815b9bf-7d29-4c86-bcaa-281579f15ceb/jotusokajanovenu.pdf (in PDF document text)
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
  - http://purl.org/dc/elements/1.1/ (in PDF document text)
  - http://ns.adobe.com/pdf/1.3/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
  - http://scripts.sil.org/OFL (in PDF document text)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f020.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF020 | 5260 bytes | c1887fc3c45128bd2ebb1ff28346c1539d430462ac0be7c798ec321847c74acf |
| font_01_sfnt_off000101dc.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x101DC | 11176 bytes | 4c3b47878dffa150cbf94372f64306355a084333005699c465d63e93654390be |