MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF triggered the PDF_SEO_LINK_FARM heuristic, indicating it is part of a link farm designed to attract traffic. The primary malicious URL, https://midufefew.ru/award?keyword=biotina+cabello+pdf, is embedded in the document and likely leads to a phishing or scam page. ClamAV also detected this file as Pdf.Phishing.Trojan, further supporting its malicious nature.
Machine Learning
- Nyx PDF Classifier malicious score 0.8429
Heuristics 4
- PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm. Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- CLAMAV_DETECTION (critical): ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0. ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- PDF_URI (info): External URI. PDF contains an external URL action.
- EMBEDDED_URL (info): Embedded URL. One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://midufefew.ru/award?keyword=biotina+cabello+pdf
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e0e0.bin 85f4d85345f647908d445947588a22465cbf440ec64a27f108118349c9b5c4bf | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE0E0 | 5064 bytes |