Verdict: MALICIOUS
Risk Score: 156
Malware Insights

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF carries a clickable link annotation pointing at an external URL on a suspicious domain (vilenefex.ru), most likely as part of a phishing or SEO link-farm scheme; its text also lists many further external .pdf links hosted on generic file-storage services. ClamAV and the ML classifier both flag the file as malicious, ClamAV labelling it a PDF phishing trojan. The document body, though heavily obfuscated, appears to be a lure built around a search query (the link's utm_term parameter reads "how many carbohydrates in a soft shell taco"), whose purpose is to drive traffic to the linked site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics (5)

- ClamAV detection [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware, signature Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0.
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI [info, PDF_URI]: PDF contains an external URL action.
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URLs extracted, with the channel that reached each:
- https://vilenefex.ru/strik?utm_term=how+many+carbohydrates+in+a+soft+shell+taco (PDF link annotation)
- http://www.ascendercorp.com/ (in PDF document text)
- http://www.ascendercorp.com/typedesigners.html (in PDF document text)
- http://www.daltonmaag.com/ (in PDF document text)
- https://s3.amazonaws.com/kobivimelelo/karl_marx_manifesto_comunista_resumo.pdf (in PDF document text)
- https://s3.amazonaws.com/midaguvimabof/86475782151.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/5fac3109-85f5-4054-8218-5067f69ee36a/romeo_and_juliet_malayalam_download.pdf (in PDF document text)
- https://2c9641c8-5874-4869-9b94-f1378e60aa6b.filesusr.com/ugd/efc1f6_3e8b8646a9d048ac8fcda34ed48f3244.pdf?index=true (in PDF document text)
- https://s3.amazonaws.com/welanisowari/decorations_mhw_guide.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/bfff2013-4da7-46bf-bc9e-3d40fe6ab73b/how_do_you_fix_a_kenmore_gas_dryer_that_wont_heat.pdf (in PDF document text)
- https://144ece88-722e-4d59-a9d1-ae16887514c2.filesusr.com/ugd/48b17f_6d00dd68893c49f6ad5eb9ce42aaefe4.pdf?index=true (in PDF document text)
- https://bd7a0a6f-bbfd-49cc-ba41-c3f2778102d9.filesusr.com/ugd/9ea91e_ae5165fd87da4003a3652514f6596277.pdf?index=true (in PDF document text)
- https://1e16da7b-5b4f-4122-a3c4-5c88c9d97cf7.filesusr.com/ugd/83f04e_8eefcacd27184425a40411bc3087113e.pdf?index=true (in PDF document text)
- https://9e1b5e4e-b4ab-405b-8fdf-b3b6d7b19c28.filesusr.com/ugd/94ea38_3a5365bac6314a818837f9923bdc712a.pdf?index=true (in PDF document text)
- https://uploads.strikinglycdn.com/files/dab08eda-a2c9-4b13-a30f-430869f9c862/mr_coffee_bvmc_sjx33gt.pdf (in PDF document text)
- https://6bc553e5-d0de-4278-827a-c77c8eb32fbd.filesusr.com/ugd/4a6c57_3ab7fcbddc0f4e2c9c555d2bbeb9cc4b.pdf?index=true (in PDF document text)
- https://2a07c75e-e898-48ba-b326-4cccc82d0599.filesusr.com/ugd/ff154e_05c14cca9d6d4bd3a2b89492571c6e31.pdf?index=true (in PDF document text)
- https://s3.amazonaws.com/genijusemu/starbucks_barista_aroma_grande_coffee_maker_manual.pdf (in PDF document text)
- https://f904ef53-caa1-4f0f-8a97-c50675c03ece.filesusr.com/ugd/2f8cea_5bbf58b5817e425ba247d1ed46634d0f.pdf?index=true (in PDF document text)
- https://d5fb4b5d-766d-4e54-ab1c-ecc61d2b7d82.filesusr.com/ugd/b0c8dc_650530123cd047c0a5c6e393507ffed0.pdf?index=true (in PDF document text)
- https://s3.amazonaws.com/sorapobuk/nevixekaniboti.pdf (in PDF document text)
- https://9e730ba1-499c-413e-9a09-8a81f8121270.filesusr.com/ugd/0a0016_4912e8e6aded49baabf07494a618eccd.pdf?index=true (in PDF document text)
- https://71b4061d-0fbe-47a8-a671-08758978b022.filesusr.com/ugd/0216f2_fe8670a840d94ff5813f833bc585b1d9.pdf?index=true (in PDF document text)
- https://uploads.strikinglycdn.com/files/e3976802-995d-4bc4-b45b-4f98aba79b9f/jiguvapubipuwadosez.pdf (in PDF document text)
- https://30de3caf-c510-4ce9-8691-b8280dc60d9b.filesusr.com/ugd/4980ee_14c72018286f4fe68a16180324b9ac2b.pdf?index=true (in PDF document text)
- http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
- http://purl.org/dc/elements/1.1/ (in PDF document text)
- http://ns.adobe.com/pdf/1.3/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
- http://scripts.sil.org/OFL (in PDF document text)

Not every entry above is suspicious on its own. The w3.org, purl.org and ns.adobe.com URLs are XMP/RDF metadata namespaces, and ascendercorp.com, daltonmaag.com and scripts.sil.org/OFL are font-vendor and font-licence URLs that travel inside embedded fonts; they appear in any PDF with XMP metadata and OFL-licensed fonts. The .pdf links, by contrast, all point at generic file-hosting storage (s3.amazonaws.com buckets, uploads.strikinglycdn.com, *.filesusr.com), which is the pattern the PDF_SEO_LINK_FARM heuristic targets.
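The PDF_DUPLICATE_OBJ_BODY_INCREMENTAL, PDF_SEO_LINK_FARM and EMBEDDED_URL entries above say what the analyzer looks for but not how such checks work on the bytes. The Python below is an added example, not the analyzer's own code: it scans raw PDF bytes for the same three shapes (an object number defined twice with differing bodies and what first-wins versus last-wins readers then resolve, clickable external .pdf links clustered on one host, and per-URL channel labels) and runs them over a constructed sample file. The sample file, the hostnames cdn.example.test, lure.example.test and fonts.example.test, the size and count thresholds, and the "high" severity assigned to a duplicate carrying active content are all this example's own assumptions.

```python
"""Added example, not the analyzer's code: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL,
PDF_SEO_LINK_FARM and EMBEDDED_URL channel labels over raw PDF bytes.
The sample file, hostnames and thresholds are constructed assumptions."""
import re
from collections import Counter
from urllib.parse import urlsplit

OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
URI_RE = re.compile(rb"/URI\s*\(((?:[^()\\]|\\.)*)\)")
URL_RE = re.compile(rb"https?://[^\s()<>]+")
# Keys whose presence makes an object "active": it can reach a URL or run code.
ACTIVE_KEYS = (b"/URI", b"/JS", b"/JavaScript", b"/Launch", b"/OpenAction", b"/AA")


def indirect_objects(data):
    """Yield ((num, gen), body) for every `N G obj ... endobj`, in file order.
    Scans raw bytes and ignores the xref table, as readers do when they
    rebuild a damaged xref by scanning the file."""
    for m in OBJ_RE.finditer(data):
        yield (int(m.group(1)), int(m.group(2))), m.group(3).strip()


def duplicate_object_bodies(data):
    """PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: same (num, gen) defined more than once
    with differing bodies -> {(num, gen): (severity, bodies)}. A first-wins reader
    uses bodies[0], a last-wins reader bodies[-1]. Identical re-definitions (benign
    incremental updates) are not reported; severity is 'info' unless active."""
    seen = {}
    for key, body in indirect_objects(data):
        seen.setdefault(key, []).append(body)
    flagged = {}
    for key, bodies in seen.items():
        if len(set(bodies)) > 1:
            active = any(k in b for b in bodies for k in ACTIVE_KEYS)
            flagged[key] = ("high" if active else "info", bodies)
    return flagged


def resolve(data, num, gen=0, policy="last"):
    """Body a reader with the given conflict policy returns for `num gen R`."""
    bodies = [b for key, b in indirect_objects(data) if key == (num, gen)]
    if not bodies:
        return None
    return bodies[0] if policy == "first" else bodies[-1]


def url_channels(data):
    """EMBEDDED_URL labels: a URL behind a /URI action is clickable ('link
    annotation'); any other URL-shaped string counts as 'document text'."""
    clickable = {m.group(1).decode("latin-1") for m in URI_RE.finditer(data)}
    channels = {}
    for m in URL_RE.finditer(data):
        url = m.group(0).decode("latin-1").rstrip(".,;")
        channels[url] = "link annotation" if url in clickable else "document text"
    return channels


def link_farm(data, max_size=200_000, min_links=8, min_cluster=0.6):
    """PDF_SEO_LINK_FARM: small file whose clickable external links point at .pdf
    files mostly on one host. Thresholds are this example's own, not the analyzer's."""
    uris = [m.group(1).decode("latin-1") for m in URI_RE.finditer(data)]
    pdf_links = [u for u in uris if urlsplit(u).scheme in ("http", "https")
                 and urlsplit(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlsplit(u).hostname for u in pdf_links)
    top_host, top_count = hosts.most_common(1)[0] if hosts else (None, 0)
    cluster = top_count / len(pdf_links) if pdf_links else 0.0
    hit = len(data) <= max_size and len(pdf_links) >= min_links and cluster >= min_cluster
    return {"hit": hit, "pdf_links": len(pdf_links), "top_host": top_host,
            "cluster": round(cluster, 2)}


def build_sample_pdf(n_links=10, redefine=True):
    """Constructed sample, not a real file. Revision 1 defines `4 0 obj` as the /Info
    dictionary and n_links link annotations to .pdf files on one host; an appended
    incremental update defines `4 0 obj` again, as a full-page /URI lure when
    redefine=True, otherwise with the identical body. xref tables are omitted."""
    farm = b"cdn.example.test"
    info = b"<< /Title (Recipe notes) /Producer (constructed) >>"
    lure = (b"<< /Type /Annot /Subtype /Link /Rect [0 0 612 792] "
            b"/A << /S /URI /URI (https://lure.example.test/strik?utm_term=taco) >> >>")
    annots = b" ".join(b"%d 0 R" % (10 + i) for i in range(n_links))
    parts = [b"%PDF-1.4\n",
             b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n",
             b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n",
             b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Contents 5 0 R /Annots ["
             + annots + b"] >>\nendobj\n",
             b"4 0 obj\n" + info + b"\nendobj\n",
             b"5 0 obj\n<< /Length 49 >>\nstream\n"
             b"BT (License: http://fonts.example.test/OFL) Tj ET\nendstream\nendobj\n"]
    for i in range(n_links):
        parts.append(b"%d 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
                     b"/A << /S /URI /URI (https://%s/docs/file_%d.pdf) >> >>\nendobj\n"
                     % (10 + i, farm, i))
    parts.append(b"trailer\n<< /Root 1 0 R /Info 4 0 R >>\n%%EOF\n")
    parts.append(b"4 0 obj\n" + (lure if redefine else info) + b"\nendobj\n")
    parts.append(b"trailer\n<< /Root 1 0 R /Info 4 0 R /Prev 9 >>\n%%EOF\n")
    return b"".join(parts)


if __name__ == "__main__":
    pdf = build_sample_pdf()
    for (num, gen), (sev, bodies) in duplicate_object_bodies(pdf).items():
        print(f"{num} {gen} obj defined {len(bodies)}x with differing bodies [{sev}]")
    print("first-wins reader sees:", resolve(pdf, 4, policy="first"))
    print("last-wins reader sees: ", resolve(pdf, 4, policy="last"))
    print("link farm:", link_farm(pdf))
    for url, channel in url_channels(pdf).items():
        print(f"  {channel:15} {url}")
```

Run as a script it prints the two bodies a first-wins and a last-wins reader would resolve for `4 0 R`, the link-farm verdict and every URL with its channel. Rebuilding the sample with `redefine=False` repeats the same body in the incremental update and the duplicate check stays silent, which is the "benign incremental update" case the heuristic text describes; scanning raw object syntax rather than trusting the xref is deliberate, since a reader that repairs a broken xref by scanning is exactly the one that may pick the other body.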
Extracted artifacts (3)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000dc42.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDC42 | 5344 bytes | 430e835c8919360995575e5f3a14eaac766ae45c360b9ff30075011720e2ba10 |
| font_01_sfnt_off0000ee41.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEE41 | 11488 bytes | 9b5c79554e779a1b676e64d5104a05e19eff9b75cceca9d9dfffcc291093337c |
| font_02_sfnt_off000114ed.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x114ED | 4324 bytes | ff5f0ef16caf3e97cd1984b3a03ea88e11eab8cf63d2ee006085a4b9995833f3 |