MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file, generated by wkhtmltopdf, contains numerous external links, indicating a potential link farm or phishing attempt disguised as a textbook. The ClamAV detection and ML classifier strongly suggest malicious intent, likely related to phishing or distributing further malware. No scripts were extracted, but the extensive external linking is a primary indicator of malicious activity.
Machine Learning
- Nyx PDF Classifier malicious score 0.9858
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://midufefew.ru/award?keyword=mathematics+2+textbook+pdf
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000101f6.bin daac55eee41c716443b382d27922776281b9b5b38eec8a2eced9026426808e74 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x101F6 | 5676 bytes |