Malware Insights
The PDF file contains numerous external links, a common tactic for SEO poisoning and phishing. The heuristic 'PDF_SEO_LINK_FARM' indicates a large number of links, with one pointing to 'http://fagewoxe.epizy.com/76072189757.pdf'. The primary external URI 'https://soxebez.ru/award?keyword=encyclopedia+judaica+vol+18+pdf' suggests a lure to disguise the malicious intent. While no scripts were explicitly extracted, the presence of PDF-specific heuristics and the ML classifier's high confidence score point towards a malicious document, likely a phishing or downloader attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.8218
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://soxebez.ru/award?keyword=encyclopedia+judaica+vol+18+pdf
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00012ce3.bin a7a7c0794789ac059ad35c60afab62f74a15585b5d71a2c3af6904b012dc8e83 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12CE3 | 5316 bytes |