MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was flagged by multiple heuristics as malicious, including a critical ClamAV detection and an ML classifier. It contains a large number of external links, many pointing to unknown PDF files hosted on platforms like Weebly and Strikingly. This suggests a link farm or a distribution mechanism for further malicious content, rather than legitimate document content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 5
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e5ac.bin 78cdc1fc1cc751cb8a59c6152194706d5927355b98c8b5011668f9b4f29910ef | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE5AC | 5332 bytes |
| font_01_sfnt_off0000f7a6.bin f8b3722456d91a6fd4daed57285dabcbbc98e4a37e0b1b600524324ed79d5270 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF7A6 | 10648 bytes |