MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains numerous external links, identified as a 'PDF_SEO_LINK_FARM' heuristic, suggesting an attempt to manipulate search engine results or distribute malicious content. One prominent URL, 'https://traffnew.ru/aws?utm_term=betika+free+apk', is directly embedded and likely serves as a lure. The ClamAV detection and ML classifier further indicate malicious intent, classifying it as a phishing trojan.
Machine Learning
- Nyx PDF Classifier malicious score 0.8068
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://traffnew.ru/aws?utm_term=betika+free+apk PDF link annotation
- https://cdn-cms.f-static.net/uploads/4490251/normal_5fbe32e7bd60e.pdfIn PDF document text
- https://zemodeviwiteg.weebly.com/uploads/1/3/4/3/134351550/87e644654aab.pdfIn PDF document text
- https://lajutiruwogow.weebly.com/uploads/1/3/4/5/134585316/vibaza.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4423452/normal_5f96e79541b0e.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4407795/normal_5fbd8765caace.pdfIn PDF document text
- https://pipalilivo.weebly.com/uploads/1/3/4/3/134310902/kekipitopigugut_xesar_zaluzoreda.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4450158/normal_5fd3b90a3d762.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/33ecbc8d-537a-4f2b-aa80-9e43b4e6b7fb/fiwufupurolijoti.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/51a6703c-0c7b-4009-bbe5-beca1b4904a2/nitukopipo.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/6662abe9-7638-4f5b-8344-d5ed5b986ca1/scream_poster_face.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/ff203b29-8c5f-4739-a0cf-697389ca6ddb/34999636587.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/41d51377-861f-4bfe-8867-7a05a4cc2323/16613754574.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/71b5d4c4-8b31-4da1-930e-5545e68f80b0/47620532860.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/a5d717b7-a2e3-4e52-a972-3398eba61c3c/xokadumexovasenifof.pdfIn PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000cc04.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xCC04 | 4796 bytes |
SHA-256: c8cf9d189cfa3ade74622b1144b5918ec857ba646f641f605b629690750bbf45 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.