MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9990
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL: https://cructi.ru/pbw?utm_term=bridge+to+terabithia+chapter+questions+and+answers+pdf (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000fbdc.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFBDC | 5804 bytes | aef45cc871d8807fb3e0c178309b2e1567a40227418b97f086e915c78f540367 |
| font_01_sfnt_off00011001.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11001 | 5792 bytes | 15daa0665ca5e656826b8663e0c793bc247458056ddbd45423c61267d2a3d754 |
| font_02_sfnt_off000123bc.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x123BC | 11092 bytes | 076daaf6eb81a1b400ccbc1a2393a756c620e70e346da21e78d42b6976150977 |