Verdict: MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9956
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://mezovuduw.ru/strik?utm_term=how+to+convert+a+pdf+into+a+word+doc+for+free (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000e3b3.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE3B3 | 5052 bytes | ddb4d19d7f1d0800694cd0e3e64a11973762f288bb048dd84a60a1b5a9913947 |
| font_01_sfnt_off0000f50c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF50C | 10820 bytes | 06009fc3bb30cf5f80ce484f62cf023c4582b16f968da9ae5f32959d183044c0 |