Verdict: MALICIOUS
Risk Score: 156

Malware Insights

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was flagged by multiple heuristics, including a critical ClamAV detection for 'Pdf.Phishing.Trojan' and an ML classifier indicating maliciousness. The presence of a large number of external links, many pointing to PDF files with SEO-like keywords, suggests a link farm or phishing attempt. The document body, though heavily obfuscated, contains keywords related to the external links, reinforcing the lure.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9853
Heuristics (5)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- PDF differential parser failed (info, PDF_DIFFERENTIAL_PARSE_FAILED): The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000dfbe.bin | 05cf67b36bf6b6d057a66fed8bf351f7200b167292cd775dcef8d41c6bf2b02c | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDFBE | 5472 bytes |
| font_01_sfnt_off0000f234.bin | b2a3e4499f1d65c04415be6d2bc7968a0bc50024be1e97d1b20669b816ae5091 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF234 | 10672 bytes |
| font_02_sfnt_off0001166b.bin | ff5f0ef16caf3e97cd1984b3a03ea88e11eab8cf63d2ee006085a4b9995833f3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1166B | 4324 bytes |