MALICIOUS
156
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains a heuristic firing for a link farm, directing users to a suspicious URL. ClamAV also detected it as a phishing trojan. The presence of multiple external links, many of which are benign, suggests an attempt to obscure malicious activity within a larger set of seemingly legitimate resources. The primary malicious URL is likely intended to host a phishing page or a further stage of malware.
Machine Learning
- Nyx PDF Classifier malicious score 0.9992
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://jacksth.ru/strik?utm_term=how+to+erase+olympus+digital+voice+recorder PDF link annotation
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://8d928d4c-4e32-4dc6-8093-d383c90b3cca.filesusr.com/ugd/b5d49c_ce50dc8f14e746909db0ded78acdd12c.pdf?index=trueIn PDF document text
- https://s3.amazonaws.com/lomuper/63672935025.pdfIn PDF document text
- https://77047a80-9f17-4504-a563-a097c25ca12e.filesusr.com/ugd/5c8b2f_0bf016cc133041fb86bbb2732a60e2cf.pdf?index=trueIn PDF document text
- https://s3.amazonaws.com/fisulefajow/behringer_xenyx_x2222_manual_espaol.pdfIn PDF document text
- https://s3.amazonaws.com/rafiralexezol/cinema_4d_r21_plugins_free.pdfIn PDF document text
- https://s3.amazonaws.com/xakajoziwibi/bahut_pyar_karte_song_new_version.pdfIn PDF document text
- https://s3.amazonaws.com/tunenijexe/cartoon_characters_printable_coloring_sheets.pdfIn PDF document text
- https://a91873a8-1f5b-4151-915d-af39eb211f25.filesusr.com/ugd/3f80ec_bd7a09a8a7964e59bba407614f270edb.pdf?index=trueIn PDF document text
- https://s3.amazonaws.com/libosokune/how_to_report_to_cps_anonymously_online.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/ab387785-c364-466b-89cb-ef2f7328c953/71704492670.pdfIn PDF document text
- https://s3.amazonaws.com/rikolesafuwofar/jimilagewow.pdfIn PDF document text
- https://s3.amazonaws.com/tomamujuf/information_about_gst_in_telugu.pdfIn PDF document text
- https://s3.amazonaws.com/gewisetug/19612251855.pdfIn PDF document text
- https://s3.amazonaws.com/papuja/kaala_patthar_full_movie_720p.pdfIn PDF document text
- https://s3.amazonaws.com/nezanurugega/anheuser_busch_inbev_annual_report.pdfIn PDF document text
- https://s3.amazonaws.com/xurixado/dadagixogujotob.pdfIn PDF document text
- https://s3.amazonaws.com/jenagubadopi/lord_of_the_flies_chapter_2_questions.pdfIn PDF document text
- https://f171294f-ed7a-4884-a773-1e826a512430.filesusr.com/ugd/20d861_0248add3f7cc488aa084203ce564801d.pdf?index=trueIn PDF document text
- https://uploads.strikinglycdn.com/files/4d14c979-4907-49d7-bbe8-0d2ba348440d/robin_hood_and_the_monk_summary.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/02d82eed-cd92-4719-88c2-895f107ec9d9/fivipaw.pdfIn PDF document text
- https://s3.amazonaws.com/sowewazulejewi/inductrix_fpv_bl_review.pdfIn PDF document text
- https://eadb47d6-6712-4ecd-aa5a-2cdcf2d90b86.filesusr.com/ugd/c844bf_6c1d3c012680475d92a2d8c3d7aa541e.pdf?index=trueIn PDF document text
- https://uploads.strikinglycdn.com/files/85b5cf98-8648-4260-a7f4-6fde85ec7146/psychology_grad_school_programs_in_california.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
- http://dejavu.sourceforge.netIn PDF document text
- http://dejavu.sourceforge.net/wiki/index.php/LicenseIn PDF document text
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000f048.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF048 | 5608 bytes |
SHA-256: 2f7b1864de4317a1e5e8a0f861cfa8b6c78e0b96d98019b1f7dd05d498fb2abe |
|||
font_01_sfnt_off00010362.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10362 | 10776 bytes |
SHA-256: 1a6434c99be94f1409833cf1744d392ee0a44755f9ae166a28ece496dc260660 |
|||
font_02_sfnt_off00012855.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x12855 | 16232 bytes |
SHA-256: 1108fde26526beb56470b911c7e3b1f040da0088942da3a1b45fff1576a9b534 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.