MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://mezovuduw.ru/123?utm_term=diabetes+nice+guidelines+diagnosis (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f06c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF06C | 5148 bytes | a0a8eb39601d4db34799f0ed580f1d8c0af5188571915c09c259d8764e1416ab |
| font_01_sfnt_off00010200.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10200 | 11140 bytes | 3aa7be9c7bd539479da67e44c363d0f3d06596b54931cac1f0d6524d7e14bc5e |