MALICIOUS
156
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains numerous external links, a common tactic for link farms or phishing lures. The primary malicious URL identified is `https://midufefew.ru/strik?utm_term=kia+sportage+2020+boot+dimensions`, which is likely used to redirect users to a malicious site. The ML classifier and ClamAV detection strongly indicate malicious intent, classifying it as a phishing trojan.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://midufefew.ru/strik?utm_term=kia+sportage+2020+boot+dimensions PDF link annotation
- https://static.s123-cdn-static.com/uploads/4408481/normal_6007b948de667.pdfIn PDF document text
- https://xubegiwemaf.weebly.com/uploads/1/3/5/3/135308842/74ae9560faf9b.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4464539/normal_5fd6c6889da1a.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4402951/normal_6047b64dd6d43.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4408324/normal_5fca241ca2840.pdfIn PDF document text
- https://bebejumupetokox.weebly.com/uploads/1/3/4/5/134513190/mipovutugivuzomaraga.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4381738/normal_5ff4ffe9d9a16.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4377908/normal_601ec966a7dd9.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4485010/normal_6037475dc027d.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4416789/normal_603da7ff9a09d.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/c451c787-f1fa-483e-b3ff-aaf791f02c46/37201134372.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/a5cc0eea-353a-45ee-ae1d-b7bbd4208c37/troy-bilt_super_bronco_50_xp_riding_lawn_mower.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/512b7c38-8a07-4c91-b973-bab38be3f1bc/depiburususipogijozekin.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/3d663e54-7e7a-4e82-8d4c-9e156dff0afc/64808661705.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/73569686-adb0-45c1-b326-29d63c410bd0/dirt_devil_featherlite_vacuum_parts.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/4e3e8d59-2f9d-4cb6-8ccf-19e33e6adb01/1129466783.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/261962b3-f1c2-4d2c-b38f-ff686a2e6efb/80005741461.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/89ac7096-7e87-48eb-b45c-483214f73ab0/how_to_read_syringe_needle_sizes.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/87d5260e-3ebd-4119-9ff3-8143b84d58de/resarovatigudiludur.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/e6c35a94-e4d2-45d8-b486-a481af076727/the_norton_field_guide_to_writing_5th_edition_with_handbook.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
- http://dejavu.sourceforge.netIn PDF document text
- http://dejavu.sourceforge.net/wiki/index.php/LicenseIn PDF document text
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00013584.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x13584 | 5632 bytes |
SHA-256: 1ce9378997b0f0e2d774d3bd9764363c413f4a90daf4aebf7e4adfe13db4aac7 |
|||
font_01_sfnt_off00014899.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x14899 | 11292 bytes |
SHA-256: 75f5895541761eba1d32d767aa215fd894c9689f3084900a7f05b2328a20c8d2 |
|||
font_02_sfnt_off00016f56.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x16F56 | 16312 bytes |
SHA-256: 5c4067032a8fce453fe2ae6a5aac4b85dce6bf71e3085ea8d4fdb732b9d02615 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.