MALICIOUS
184
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF file contains numerous external links, many pointing to disposable hosting services, indicating a link farm or SEO spam operation. The ClamAV detection and ML classifier also flagged this file as malicious, specifically as a phishing trojan. While no scripts were explicitly extracted, the PDF structure and embedded URI heuristics suggest an attempt to redirect users to malicious or deceptive content.
Machine Learning
- Nyx PDF Classifier malicious score 0.7471
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARMSmall PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://medvor.ru/pbw?utm_term=music+notation+ks2+worksheet PDF link annotation
- https://paduxadoduxim.weebly.com/uploads/1/3/0/7/130775016/316dbef8502043.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4413865/normal_606a15e2023a3.pdfIn PDF document text
- https://jinuwipalo.weebly.com/uploads/1/3/5/3/135332432/fowine.pdfIn PDF document text
- https://wutekeli.weebly.com/uploads/1/3/1/3/131379380/a6bb5.pdfIn PDF document text
- https://nitaluba.weebly.com/uploads/1/3/4/3/134348735/56d8dd11ab892.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4383165/normal_604a165e4a187.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/b8622e1b-7855-4908-857c-6aab5d20f565/zimixop.pdfIn PDF document text
- http://dekokos.pbworks.com/f/naxezifudikupenozimujaf.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/329c7040-32a1-49d6-ba29-34f0e4323f27/jutewerikigodawarovan.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/9789b410-63e2-4985-b4c4-1e0a0d64d0ba/lomipenev.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/4ccc677d-7c66-4121-b38a-35448dd28ceb/how_langston_hughes_died.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/f9e31596-780f-4fcd-ae9f-523a03e87448/24941638596.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/f02321c7-7e96-4e16-90b9-3a16c2b44056/nukosuxafudej.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/8828127b-a197-4302-85fd-339fc2e8ea4c/zoduwa.pdfIn PDF document text
- http://kipizasuzeda.pbworks.com/f/69762398152.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/7459de3a-e277-4902-b4c5-0e9b948a6ccf/didonuwevepele.pdfIn PDF document text
- http://xoxafepapesu.pbworks.com/f/wings_of_fire_rainwing_icewing_hybrid_names.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/e5796888-8dc5-4232-a867-bdf7816c547c/memunuvipenoweronu.pdfIn PDF document text
- http://nusuwoxub.pbworks.com/w/file/fetch/144413820/15093929695.pdfIn PDF document text
Open this report in the interactive analyzer, or submit your own file for analysis.