Verdict: MALICIOUS
Risk Score: 186

Malware Insights

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains a significant number of external links, many pointing to disposable domains, indicating a link farm designed to obscure malicious destinations. The heuristics 'PDF_SEO_LINK_FARM' and 'PDF_SEO_DISPOSABLE_LINK_FARM' strongly suggest this. The presence of a malicious URL, https://mezovuduw.ru/strik, further supports a phishing or malware distribution attempt. While no scripts were explicitly extracted, the ML classifier and ClamAV detection indicate malicious intent, likely involving exploitation or redirection.
Machine Learning
- Nyx PDF Classifier malicious score 0.9967
Heuristics (6)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Small PDF is a non-clustered link farm on disposable hosting [medium, PDF_SEO_DISPOSABLE_LINK_FARM]: Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI [info, PDF_URI]: PDF contains an external URL action.
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL https://mezovuduw.ru/strik?utm_term=red+rising+trilogy+order (PDF link annotation)
Extracted artifacts (2)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00011355.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11355 | 4892 bytes | 94bdbdedcb8959ddeedf8790d0c74b9b91221a073150dad82e8dfe9989d40371 |
| font_01_sfnt_off00012415.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12415 | 10976 bytes | 66e313bc271bc023ea1385af8398cf9b479372ed9a5a76af35d769cad12fad69 |