MALICIOUS
Risk Score: 186
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics (6)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000113de.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x113DE | 5428 bytes | 77cc6dbb1294f6138cbe0ed0be1e92f2efa9d6519ac322649623681a1ad57df5 |
| font_01_sfnt_off00012659.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12659 | 11976 bytes | 8586f6b60cded0fe3a5710adb439c2c07c48bc88ab2d28330d193ec3c0abcde4 |