MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF file was detected as malicious by ClamAV and ML classifiers, indicating it is likely a phishing or SEO spam document. It contains numerous external links, with one pointing to 'https://ponafet.ru/wb?keyword=ejemplo%20de%20minuta%20de%20una%20empresa%20word'. The presence of embedded URLs and the PDF structure suggest an attempt to redirect users to malicious or spam content, potentially as part of a spearphishing campaign.
Machine Learning
- Nyx PDF Classifier malicious score 0.8660
Heuristics 4
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI [info] PDF_URI: PDF contains an external URL action
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ponafet.ru/wb?keyword=ejemplo%20de%20minuta%20de%20una%20empresa%20word
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e48f.bin 506741eec86b127ff99269d5492386b567b08fdd5c2456dd71232017c5a54579 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE48F | 5228 bytes |