MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF file contains numerous embedded URLs, many of which point to disposable domains and are flagged as part of a link farm. The ClamAV heuristic identifies it as a 'Pdf.Phishing.Trojan', indicating a malicious intent to phish or deliver a payload. The document body, though heavily obfuscated, suggests a lure related to 'cost accounting interview questions'.
Machine Learning
- Nyx PDF Classifier suspicious score 0.4770
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.