MALICIOUS
Risk Score: 144
Machine Learning
- Nyx PDF Classifier malicious score 0.7607
Heuristics 6
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION] ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Image lure linking to an SEO redirector (free-download phishing) [high, PDF_SEO_UTM_REDIRECTOR_LINK] PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- Embedded JS stream [low, PDF_JS] PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- External URI [info, PDF_URI] PDF contains an external URL action
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL] The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL] One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://lovig.co.za/XSRYdR1H?utm_term=virginia+sentencing+guidelines+accessory+after+the+fact (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000302da.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x302DA | 16792 bytes | 9d2294e344127da9ddc2b77d68b1576b6b78373885bc9da2859f180a98f2c1e1 |
| font_01_sfnt_off00031aec.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x31AEC | 16944 bytes | 315bb5b2bf40c5000d6a45068ed18fa3a75c5394386307260e3ac7d338ec0d3e |
| font_02_sfnt_off0003464c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3464C | 10936 bytes | ce049686e9ebbf0438c47f1f1630edf069f846e362905564993cdd7c35c4af18 |