Risk Score: 156 (MALICIOUS)

Malware Insights

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains numerous external links, a common tactic for link farms and phishing. The ClamAV detection and ML classifier strongly indicate malicious intent, specifically identified as a phishing trojan. The primary malicious URL, https://gimoguvi.ru/award?keyword=medical+termination+of+pregnancy+pdf, is likely used to redirect users to a fraudulent site.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9994
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://gimoguvi.ru/award?keyword=medical+termination+of+pregnancy+pdf (PDF link annotation)
  - http://ladyso.ru/all_of_me_piano_guys_sheet_musictw0z8.pdf (In PDF document text)
  - https://cdn-cms.f-static.net/uploads/4369802/normal_6018d7fe8fade.pdf (In PDF document text)
  - http://bilkan.fun/creo_parametric_4._0_tutorial_deutschm32v3.pdf (In PDF document text)
  - http://reflectionss.space/buckeye_community_health_plan_providcw0qo.pdf (In PDF document text)
  - https://cdn-cms.f-static.net/uploads/4367940/normal_5fd2514627fd7.pdf (In PDF document text)
  - https://static.s123-cdn-static.com/uploads/4446491/normal_6004d9ba2b0e3.pdf (In PDF document text)
  - http://www.ascendercorp.com/ (In PDF document text)
  - http://www.ascendercorp.com/typedesigners.html (In PDF document text)
  - https://ebd73b9a-b255-48a5-b781-2bd84b483b4c.filesusr.com/ugd/956c05_4b2df0305be44f8490854c63b97a4e57.pdf?index=true (In PDF document text)
  - https://c84ffda1-e72a-45fa-8ce8-a771970cf326.filesusr.com/ugd/9fd656_4a26cc885c1f4047b07ae7ac7d754a00.pdf?index=true (In PDF document text)
  - https://44bb6ee8-a0fe-4f72-890f-0f0a2fec05cf.filesusr.com/ugd/b65acf_2d6f137128aa4a159c5cf321a380c4ee.pdf?index=true (In PDF document text)
  - https://s3.amazonaws.com/dusubonifu/saddleback_english_grammar_book_1.pdf (In PDF document text)
  - https://s3.amazonaws.com/piwupevivotixi/64009011390.pdf (In PDF document text)
  - https://22449060-8e30-4723-8828-967625cce342.filesusr.com/ugd/eddc50_7e4127db36b846b5889f8b5ba7dae763.pdf?index=true (In PDF document text)
  - https://920f4c01-5fd6-4c40-8b27-b99972fecb60.filesusr.com/ugd/d63aaf_5c6ee706178f45e887fb8e4141f5c6bf.pdf?index=true (In PDF document text)
  - https://9afb1793-bc57-4514-bb46-74e980466609.filesusr.com/ugd/11f207_bc7d67d6703540c1bc38e0175d5bebe1.pdf?index=true (In PDF document text)
  - https://1d812fcc-cfc3-4558-a870-56fc5b7f4c2e.filesusr.com/ugd/754d94_1eca295298d542f396159d75a0426765.pdf?index=true (In PDF document text)
  - https://s3.amazonaws.com/nokiva/17266043997.pdf (In PDF document text)
  - https://ddb1515c-011f-4d6c-9a6c-b305a2039a85.filesusr.com/ugd/477ac5_2bf875159b5544f8aee2c6d4f51bcec3.pdf?index=true (In PDF document text)
  - https://6baea7ca-81e4-4a11-8410-716433a99462.filesusr.com/ugd/764aaa_9486f8f08013431a8545f459df42659e.pdf?index=true (In PDF document text)
  - https://1c54689f-8f60-44d8-8d81-b144d6ea8ada.filesusr.com/ugd/787b0a_98796491b53f4a819e8652c3ce218b90.pdf?index=true (In PDF document text)
  - https://s3.amazonaws.com/levovod/blank_html_page.pdf (In PDF document text)
  - https://s3.amazonaws.com/lerezazo/farogi.pdf (In PDF document text)
  - https://8eb0ff2f-1b5f-41fb-a82b-bf279dc7f43e.filesusr.com/ugd/868f76_f895eb5d6d854e9bbf327a90a172a0fa.pdf?index=true (In PDF document text)
  - https://fc06435f-e709-4c80-b59d-96fa470c1a13.filesusr.com/ugd/bdc04d_b1e711854c504d769a279a3c39cbb74d.pdf?index=true (In PDF document text)
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (In PDF document text)
  - http://purl.org/dc/elements/1.1/ (In PDF document text)
  - http://ns.adobe.com/pdf/1.3/ (In PDF document text)
  - http://ns.adobe.com/xap/1.0/ (In PDF document text)
  - http://ns.adobe.com/xap/1.0/mm/ (In PDF document text)
  - http://ns.adobe.com/xap/1.0/rights/ (In PDF document text)
  - http://scripts.sil.org/OFL (In PDF document text)
Extracted artifacts (2)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00010276.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10276 | 5404 bytes | bb754499b44c28b10a685cfec1c1cee1417a4397079b0bb12de14861447876ea |
| font_01_sfnt_off000114db.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x114DB | 10356 bytes | 1591313710efabaa9aec970da9201e3e4ce6bf6ebc04981602543fa6c626112b |