MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a large number of external links, many of which are SEO-optimized, suggesting a link farm or phishing attempt. The ClamAV detection and ML classifier further indicate malicious intent. While no scripts were explicitly extracted, the PDF structure and embedded URLs point towards a phishing or malicious redirection scheme.
Machine Learning
- Nyx PDF Classifier malicious score 0.9637
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://lozipotod.ru/award?keyword=mecanica+del+aparato+locomotor+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000fc86.bin ce65e61d84fbafbc818aeafe64188d6b74cf91f94744cc2b77c52a7f9f76d74f | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFC86 | 5128 bytes |
| font_01_sfnt_off00010df1.bin bbc2e7b7663303f1861fa4700f5d86d4b0ec3064e0ee288b25311e435a8776f2 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10DF1 | 11048 bytes |