Verdict: MALICIOUS
Risk Score: 126
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains an embedded URI pointing to 'https://nipisod.ru/123?utm_term=bully+lite+v4+apk+only', which is likely a phishing or malware distribution site. The heuristic 'PDF_SEO_DISPOSABLE_LINK_FARM' further suggests a malicious link farm, reinforcing the phishing lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL: https://nipisod.ru/123?utm_term=bully+lite+v4+apk+only (PDF link annotation)
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000e98b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE98B | 4784 bytes | eecd190e0d8db8619b3c5461cbe143ab01c209c0245ba3441b7538caf91d2f13 |
| font_01_sfnt_off0000f9f8.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF9F8 | 10816 bytes | 70dce2f4fbe95ae39f2916cd212b93e4f65815d9ddac40ae97dad3234dc37049 |
| font_02_sfnt_off00011e6b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11E6B | 16616 bytes | 7ab81ce3d92a9ec80982bbbf7df4378fdf9290867a146be245f32411f9d17586 |
| font_03_sfnt_off00013501.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13501 | 4324 bytes | a542ec26cea93e049a2e27cd59b1347dd9bbdea13775fd7b822b3c2b3136116f |