MALICIOUS
Risk Score: 176
Machine Learning
- Nyx PDF Classifier malicious score 0.5565
Heuristics (6)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Image lure linking to an SEO redirector (free-download phishing) [high] PDF_SEO_UTM_REDIRECTOR_LINK: PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- Fake CAPTCHA / human verification prompt [high] SE_FAKE_CAPTCHA: Document displays a fake CAPTCHA or human-verification prompt — used to trick users into running commands or pressing keyboard shortcuts
- External URI [info] PDF_URI: PDF contains an external URL action
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://tevav.co.za/XSRYdR1H?utm_term=agar.+io+mod+apk+latest (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0004cd28.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4CD28 | 17364 bytes | c29d743c138bd581758608462b289c3f2a885cdad95828a66cf365149741a3bb |
| font_01_sfnt_off0004fa47.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4FA47 | 10768 bytes | 292c8f2313f23566bc4309a7d3e3aac87c17dbf560f160d8e181cc94083a44e2 |
| font_02_sfnt_off000512ec.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x512EC | 16560 bytes | 924ad5cb737cfd9a34472b2046831991df4d3950e5f0d7b552a18309318c2ee9 |