MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains numerous external links, with one heuristic specifically identifying a 'PDF_SEO_LINK_FARM'. The document body, though heavily obfuscated, suggests a lure related to 'capitalization worksheets'. The presence of external URIs and the ML classifier's high score indicate malicious intent, likely for phishing or to serve a second-stage payload.
Machine Learning
- Nyx PDF Classifier malicious score 0.7994
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000db7e.bin 52da1acadb37cc1db02071eb76f2b9b400b863d933c2370e7a3c939a5bc3fa44 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDB7E | 5580 bytes |