MALICIOUS (Risk Score: 156)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL https://vilenefex.ru/strik?utm_term=2008+jeep+wrangler+unlimited+x+4wd (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000e36a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE36A | 5796 bytes | 9aacf290c541059908b59267424007b290063f9a35c89bc5f6e3a58c28def130 |
| font_01_sfnt_off0000f730.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF730 | 10840 bytes | 0cb7ce58a2a9b88e6bf24c990b27f137c3c38aaa9cddf70fc3528e01f0de6fab |