MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
The PDF contains a large number of external links, identified as a link farm, suggesting malicious intent to redirect users. The ClamAV detection and ML classifier strongly indicate that this is a phishing or malicious document. No scripts were extracted; the primary attack pattern is the use of embedded URLs for malicious redirection.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI [info] PDF_URI
  PDF contains an external URL action
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000eb31.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEB31 | 5144 bytes | acf4d9d7b98e6a859861c45a5537ae6a972b3967e0be2eb5df7f25b655b09b8d |
| font_01_sfnt_off0000fc9c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFC9C | 11208 bytes | f54e555bf056543bb7485b601a789d26177879f677966a71f301bcfc8249cbf0 |