MALICIOUS
174
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF document is identified as malicious by ClamAV and ML classifiers, exhibiting characteristics of a phishing lure. The PDF_IMAGE_LURE heuristic indicates it presents as an image to entice clicks on an embedded external URI. The primary external URI identified is https://crophysi.ru/award?keyword=barcelona+plano+metro+pdf, which is likely part of a phishing campaign.
Machine Learning
- Nyx PDF Classifier malicious score 0.7598
Heuristics 5
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LUREPDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 59 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://crophysi.ru/award?keyword=barcelona+plano+metro+pdf
- http://bettermoneytips.com/110029590131vidk.pdf
- https://cdn-cms.f-static.net/uploads/4453906/normal_5fe7d806948c3.pdf
- https://cdn-cms.f-static.net/uploads/4407733/normal_60443d59b1c4b.pdf
- https://cdn-cms.f-static.net/uploads/4455377/normal_5fe99ebaed08c.pdf
- https://static.s123-cdn-static.com/uploads/4446388/normal_6008dd4e3b2b6.pdf
- http://faxadiweruxu.22web.org/99175300141.pdf
- http://alsamcctv.com/jorufijoronaxiwemobaxolpgzj7.pdf
- https://cdn-cms.f-static.net/uploads/4410190/normal_605160cd7d3d6.pdf
- https://cdn-cms.f-static.net/uploads/4388835/normal_6047c8af4f321.pdf
- https://cdn-cms.f-static.net/uploads/4454999/normal_5fd810e5693d2.pdf
- http://cmbclientes.com/online_quran_teacher_female_uku5byd.pdf
- http://bitsracing.net/mexuvuruturonorufd0q10.pdf
- http://alex-chekalev.com/intermatic_pool_timer_t104p3ueboo.pdf
- https://cdn-cms.f-static.net/uploads/4382618/normal_601a051ab6cab.pdf
- https://cdn-cms.f-static.net/uploads/4415061/normal_604952b2dd053.pdf
- https://f414df59-d0c5-412c-8277-160bd92acc6e.filesusr.com/ugd/055bb3_6367899999764d79bd704399893ff5f2.pdf?index=true
- https://s3.amazonaws.com/mubefula/toyota_yaris_2007_hatchback.pdf
- https://4095172d-bd2f-4181-91d7-dd424e653400.filesusr.com/ugd/df73ab_4721829dc52b469eaa5af1dc04755dba.pdf?index=true
- https://2ea3657d-1c4c-40dd-8491-58aeeb8dc933.filesusr.com/ugd/18a85a_7218a7d139ca46a192492d07cac417a2.pdf?index=true
- http://nixuverojezuluz.epizy.com/android_10_one_ui_2_beta.pdf
- https://e082b6be-64c0-45f6-a8ff-82b9c6f476f0.filesusr.com/ugd/1479de_b9481d8105c04d97aead7b71f6186879.pdf?index=true
- https://4f7f339c-9ee9-4921-a7ad-794169edd555.filesusr.com/ugd/fea72b_3b44da3b73ef4d1ca97ab033b2122272.pdf?index=true
- http://borogibapomad.epizy.com/canon_raw_codec_software.pdf
- http://juwesuzibu.epizy.com/vadufozosugefoxipot.pdf
- https://s3.amazonaws.com/sajezife/tidukiresedob.pdf
- https://s3.amazonaws.com/tobaziw/2332671477.pdf
- https://s3.amazonaws.com/pavujiniz/6585595686.pdf
- https://s3.amazonaws.com/jotizifime/21034712522.pdf
Open this report in the interactive analyzer, or submit your own file for analysis.