MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file contains numerous external links, with a critical heuristic identifying it as a 'PDF_SEO_LINK_FARM'. One of the primary external URIs, 'https://midufefew.ru/strik?utm_term=cartoon+analysis+worksheet+andrew+jackson', is suspicious and likely leads to a phishing or malware distribution site. ClamAV also detected the file as 'Pdf.Phishing.Trojan'. The document body, though heavily obfuscated, suggests a lure related to a 'Cartoon analysis worksheet'.
Machine Learning
- Nyx PDF Classifier malicious score 0.6370
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://midufefew.ru/strik?utm_term=cartoon+analysis+worksheet+andrew+jackson
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00014743.bin (2a286e1ef6704cdc98e46aeb7d73c6b00f26d2cf57d01e6168c0521a1cb666ab) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x14743 | 5268 bytes |