MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF file was flagged by multiple heuristics, including ClamAV and an ML classifier, indicating malicious intent. It contains a large number of external links, suggesting it is part of a link farm designed to distribute malicious content or phish users. The primary malicious URL identified is https://nipisod.ru/wb?keyword=harley%20davidson%20v%20rod%20service%20manual%20pdf.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (severity: info, rule: PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (severity: info, rule: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (severity: info, rule: EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://nipisod.ru/wb?keyword=harley%20davidson%20v%20rod%20service%20manual%20pdf (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000cd00.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCD00 | 5424 bytes | 493a34f9943ab9f97ff6e6225c34178ccc0771280c43a50d47da79b6953a241b |
| font_01_sfnt_off0000df6a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDF6A | 10228 bytes | e081144ce371c4e581e169bfbe631f45c17d8e52ecf4dede123f1b2e81c7d4a7 |