Malware Insights
This PDF file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. The PDF contains a large number of external links, suggesting it is part of a link farm designed to manipulate search engine results or redirect users to malicious sites. One of the embedded URLs, https://golowaki.ru/aws?utm_term=ashrae+handbook+free+download+2016, appears to be a lure for downloading content, while another, http://twenty-promo2020.ru/42553194212jnvkn.pdf, is also suspicious. The PDF structure and the presence of external links point towards a phishing or malware distribution scheme.
Machine Learning
- Nyx PDF Classifier malicious score 0.9703
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000d6f2.bin 68f7cc447417160f6ae4ed44ca7b206c1792a27c89f6384b00abfad79a8bdaaa | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD6F2 | 5420 bytes |