MALICIOUS
156
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. It contains a large number of external links, many of which point to unknown or potentially malicious domains, suggesting a link farm or phishing operation. The document body, though heavily obfuscated, appears to be a lure related to a technical query, designed to drive users to these external sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9995
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://kuzutuzo.ru/strik?utm_term=how+to+remove+anode+rod+from+whirlpool+water+heater PDF link annotation
- http://axecheat1.xyz/23264360922pir.pdfIn PDF document text
- https://cdn.sqhk.co/viwitukaz/Xid3Oji/dapevolufivezemonovodan.pdfIn PDF document text
- https://cdn.sqhk.co/rorexamuviz/ibdgjsk/priority_pass_standard_membership_uk.pdfIn PDF document text
- https://cdn.sqhk.co/bidekidarub/hhabjh8/43396107460.pdfIn PDF document text
- http://samoe-samaya.ru/lemejukoxikapafigusaver55djo.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- http://www.daltonmaag.com/In PDF document text
- https://9f61dd91-ea7e-4edc-a837-c43fae5dccfb.filesusr.com/ugd/ed897c_0beebd20894349c69fe5b25cf6d30380.pdf?index=trueIn PDF document text
- https://s3.amazonaws.com/kavalukato/should_my_water_softener_be_full_of_water.pdfIn PDF document text
- https://176fe727-baa2-4f6f-8ab0-cddcd97ecb74.filesusr.com/ugd/45df28_6f264e5c487945c6a216764b978ab3d0.pdf?index=trueIn PDF document text
- https://e29a9437-b0a5-48a6-9afa-908397ce514a.filesusr.com/ugd/16a9c1_9e941fe77d11482ca0c2f0bfff8eae2a.pdf?index=trueIn PDF document text
- https://s3.amazonaws.com/wiwamoxamo/skype_for_business_android_app.pdfIn PDF document text
- https://s3.amazonaws.com/waduzirader/philip_freneau_the_wild_honeysuckle_analysis.pdfIn PDF document text
- https://s3.amazonaws.com/jagux/kironezasijev.pdfIn PDF document text
- https://s3.amazonaws.com/rekawexuretowo/fepetosemazexute.pdfIn PDF document text
- https://s3.amazonaws.com/sisaxu/xufujekerifolepiwozid.pdfIn PDF document text
- https://e60c805d-b9e1-47fc-b045-983511e9ac1f.filesusr.com/ugd/116bb2_ab8886dc419b42009f4d147f4d14b4f3.pdf?index=trueIn PDF document text
- https://7e005a1c-fb68-43c1-af83-b854b6a2d282.filesusr.com/ugd/dcfb95_23e0aee66c1e4a97a1e1c553f31eebb5.pdf?index=trueIn PDF document text
- https://59bb578d-b312-442a-858b-1a1a54b18a6c.filesusr.com/ugd/c79b1c_d864c5903d60438e8fcc8877e4b39e05.pdf?index=trueIn PDF document text
- https://203e60c5-e32a-4587-ab6d-31d66de6d5b9.filesusr.com/ugd/014c36_3f08aca13f3a46a69f8b9ca6b9552123.pdf?index=trueIn PDF document text
- https://35b1a599-9f45-4897-82ce-59a931fc5495.filesusr.com/ugd/daca0d_a0a60daff3124c6a8f7a040f3b7a1533.pdf?index=trueIn PDF document text
- https://s3.amazonaws.com/lovomijelun/nujotemevukiwitikinova.pdfIn PDF document text
- https://s3.amazonaws.com/lusegokaves/3474102023.pdfIn PDF document text
- https://s3.amazonaws.com/bifamomove/27506461935.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000e292.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE292 | 5004 bytes |
SHA-256: 90d57aa52936162e71333e7f3821f9ae54cadef582368897bcbb54d4f6f1c81b |
|||
font_01_sfnt_off0000f36b.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF36B | 10428 bytes |
SHA-256: d25925a3fb673c7e23fb5bc2ff4360281a3f6dab2d0bcfcb767faae670be56b2 |
|||
font_02_sfnt_off00011721.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x11721 | 4324 bytes |
SHA-256: d1f4a20f0e35a0564be54678b929bb8c711862c507f070c2b9a6abea8daf4378 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.