MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains heuristics indicating it is a malicious phishing document and hosts a link farm. The embedded URL points to a site offering a hack for 'Angry Birds Star Wars 2', a common lure for malware distribution or phishing. While no scripts were explicitly extracted, the PDF structure and heuristics strongly suggest malicious intent, likely involving redirection to a malicious site.
Machine Learning
- Nyx PDF Classifier malicious score 0.8751
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://philabc.ru/pbw?utm_term=angry+birds+star+wars+2+hack+ios
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00013519.bin 5e2942d4f85134c9601f4762a43d22d87582a7f2f74ea0d940acad3aa86a5791 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13519 | 5356 bytes |
| font_01_sfnt_off0001474b.bin 3f1274ec4f5ea99d6f990b78a710ed26130fc573148e789c8421244e0bd0ebc8 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1474B | 17504 bytes |