MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains numerous external links, many pointing to other PDF documents, suggesting a link farm designed for SEO manipulation or to host malicious content. One prominent URL, 'https://maypoin.ru/strik?utm_term=super+mario+bros+3+apk+download', is presented as a download for a game, likely a lure. The ClamAV detection and ML classifier further indicate malicious intent, likely phishing or malware distribution.
Machine Learning
- Nyx PDF Classifier malicious score 0.7004
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://maypoin.ru/strik?utm_term=super+mario+bros+3+apk+download (PDF link annotation)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f458.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF458 | 5668 bytes |

SHA-256: 99a74dadebf39709dcb400b98390d475175f0351ff088d2456778900e97368b9