MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains a large number of external links, many of which are SEO-optimized, suggesting a link farm or phishing attempt. The primary URL, 'https://resalured.ru/award?keyword=nutrition+during+pregnancy+and+lactation+pdf', is likely part of this scheme. The ML classifier and ClamAV detection strongly indicate malicious intent, classifying it as a phishing trojan.
Machine Learning
- Nyx PDF Classifier malicious score 0.8093
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://resalured.ru/award?keyword=nutrition+during+pregnancy+and+lactation+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000ee75.bin 59adb47df8380b66d38cc7f7235d1067277bad7c95f14661976744b225e1a5a1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEE75 | 5216 bytes |
| font_01_sfnt_off0001005a.bin d088cebca1c1d7b6934c04e2324dadf9d92c3a2e14da850ca611591a106d2fd1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1005A | 10188 bytes |