MALICIOUS
124
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.5348
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARMSmall PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://kuzutuzo.ru/award?keyword=centrifugal+clutch+pdf PDF link annotation
- https://cdn.sqhk.co/timafewa/hOY8gfR/lagusozisazowobe.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4446286/normal_601907108b198.pdfIn PDF document text
- http://sibasijiv.22web.org/30644632977.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4446394/normal_600e699cb14b2.pdfIn PDF document text
- https://cdn.sqhk.co/widiroje/cgciahe/vasulupodu.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4455684/normal_60175cdf3e850.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4369153/normal_601e6aea54c69.pdfIn PDF document text
- https://cdn.sqhk.co/worekoxe/iLjdhc2/neogeo_mini_console_review.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4403817/normal_5ff32927afadf.pdfIn PDF document text
- http://safilow.iblogger.org/integration_of_x_square_cos_inverse_x_dx.pdfIn PDF document text
- https://cdn.sqhk.co/xurazegoba/yEhjftv/kamigofejesetininolenevon.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4376357/normal_60239656b6e79.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/7dc69ee6-9b06-4b87-82b3-5cfdd4c1e442/lonolisimev.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/a01bffcd-c3cd-487d-8d30-73f5e8549ba1/what_is_the_meaning_of_the_word_emotional_blackmail.pdfIn PDF document text
- https://s3.amazonaws.com/sevoga/whirlpool_quiet_partner_2_flashing_lights.pdfIn PDF document text
- https://s3.amazonaws.com/pevuwarobuvowa/caribbean_music_mix.pdfIn PDF document text
- https://s3.amazonaws.com/waxegatulo/xaxut.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/afbd4f42-f713-4a33-a91c-eaebccf7e2d2/fuwetibodaba.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/fcad8f2a-6853-4fc1-9186-6a11fafca6c9/what_are_the_characteristics_of_the_photos_that_describe_the_kingdom_of_god.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/41fc7a50-a154-4ccc-94de-7049a189ef8f/sensus_water_meter_error_codes.pdfIn PDF document text
- http://kojuvubij.rf.gd/why_we_sing_kirk_franklin_mp4_download.pdfIn PDF document text
- https://s3.amazonaws.com/fuvidokibet/pevanudugido.pdfIn PDF document text
- https://s3.amazonaws.com/muvevanepen/51118121412.pdfIn PDF document text
- http://poxelisenaxoxig.epizy.com/admission_form_format_for_school.pdfIn PDF document text
Open this report in the interactive analyzer, or submit your own file for analysis.