MALICIOUS
Risk Score: 144
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF is identified as a phishing lure due to its image-only nature and embedded clickable link. The ML classifier and ClamAV detection strongly indicate malicious intent. The document body, though heavily obfuscated, contains metadata suggesting it was generated by wkhtmltopdf, a common tool for creating PDF lures.
Machine Learning
- Nyx PDF Classifier malicious score 0.7209
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Image-only document with action trigger (screenshot lure) (medium, PDF_IMAGE_LURE): PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 48 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.