Verdict: MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION)
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM)
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (severity: info, rule: PDF_URI)
  PDF contains an external URL action
- Object number defined twice with different bodies (severity: info, rule: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (severity: info, rule: EMBEDDED_URL)
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://krisoc.ru/pbw?utm_term=verbal+intelligence+test+questions+and+answers+pdf (PDF link annotation)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000faa2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFAA2 | 5648 bytes | 803ca348910f0ba581cd8cb044a6bcb6e69f35ed17e00c26f425e0c5ae3d81de |
| font_01_sfnt_off00010df0.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10DF0 | 10548 bytes | 2dcc9702ff10b70f723616c146efa3f2c93fe169b9bb0ad03a876f07ee252449 |