MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF file contains a large number of external links, many of which are hosted on disposable domains and appear to be part of a link farm designed to manipulate search engine results. The presence of a ClamAV detection for 'Pdf.Phishing.Trojan' and a high ML classifier score strongly indicate malicious intent. The document body, though heavily obfuscated, contains references to 'Amazon kindle convert pdf via email' and 'wkhtmltopdf', suggesting a lure to disguise malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9133
Heuristics 4
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://vilenefex.ru/award?keyword=amazon+kindle+convert+pdf+via+email
- https://zesaxigupube.weebly.com/uploads/1/3/4/0/134016892/8e366b9.pdf
- https://zaketedojerobi.weebly.com/uploads/1/3/6/0/136023974/mubuxazuno-bidomegototosut-vojomamojuzu-gifosodiro.pdf
- https://cdn-cms.f-static.net/uploads/4379837/normal_60551b3e11e82.pdf
- https://damatabawapu.weebly.com/uploads/1/3/1/3/131379320/6284514.pdf
- http://megidexabaror.mywebcommunity.org/91453477697.pdf
- https://static.s123-cdn-static.com/uploads/4465709/normal_5fcc541020f10.pdf
- https://zorusijumabek.weebly.com/uploads/1/3/4/8/134851431/9801114.pdf
- https://static.s123-cdn-static.com/uploads/4476925/normal_5fdf2b571932d.pdf
- http://fegivate.medianewsonline.com/dinamalar_aanmeega_malar_download.pdf
- http://sasawavivar.mygamesonline.org/effects_of_tardiness_of_students.pdf
- http://tulavesew.getenjoyment.net/descargar_biblia_de_estudio_thompson_gratis_en_espaol_apk.pdf
- http://xozowilozoga.mywebcommunity.org/favudogis.pdf
- http://xepelewatelaziv.getenjoyment.net/gukig.pdf
- https://nizifaweneli.weebly.com/uploads/1/3/4/5/134589853/9791944.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/a5ca5445-b477-4e06-a6fc-3a6fe3a1b759/the_entertainer_movie_robert_redford.pdf
- https://uploads.strikinglycdn.com/files/7a9a7e05-1a5d-4965-aaf9-4e2fa8196692/92873833811.pdf
- http://rotufixijisadi.onlinewebshop.net/zijexojegozabiwusil.pdf
- https://uploads.strikinglycdn.com/files/0fbcb04a-4689-40ab-b861-6bf549915df6/48692786927.pdf
- https://uploads.strikinglycdn.com/files/fa0d65a7-c6b7-4689-bb71-0a344799443f/54368805275.pdf
- https://uploads.strikinglycdn.com/files/b8aea1d9-a740-4642-80f8-3922543e3a8b/icse_class_3_english_grammar_book.pdf
- https://uploads.strikinglycdn.com/files/36513e5f-25d4-4bc1-8beb-5a6885f5ebc1/stihl_011_avt_parts_manual.pdf
- https://uploads.strikinglycdn.com/files/3bc6d020-05ac-46e6-862f-e7f2fceb555b/autocad_command_window_gone.pdf
- http://sakogabutal.onlinewebshop.net/89445649845.pdf
- http://scripts.sil.org/OFL
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000fb6d.bin297d84ad5433636d2bce3e7a23adb85cc9035c47fed6f028914c35f39a2367e2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFB6D | 5284 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.