MALICIOUS
Risk Score: 174
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF document is identified as a phishing lure due to its image-only nature and embedded clickable link. The ClamAV detection and ML classifier further support its malicious classification. The document likely attempts to redirect the user to a malicious URL, such as 'https://dugedepap.ru/strik?utm_term=sony+str+dn1040+network+not+available', for further exploitation or credential harvesting.
Machine Learning
- Nyx PDF Classifier malicious score 0.5147
Heuristics 5
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Image-only document with action trigger (screenshot lure) (medium, PDF_IMAGE_LURE): PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 72 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://dugedepap.ru/strik?utm_term=sony+str+dn1040+network+not+available