MALICIOUS
156
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a mass of external links, with one prominent link disguised as a product price. This suggests a link farm or phishing lure. ClamAV and ML classifiers also flagged this PDF as malicious, indicating a phishing or trojan distribution attempt. No scripts were extracted, but the presence of numerous external links points towards a malicious intent to redirect users.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://baarspo.ru/strik?utm_term=echo+gt+225+trimmer+price PDF link annotation
- https://cdn.sqhk.co/dafibuxoki/ficgds5/dizibokuzibowafoz.pdfIn PDF document text
- https://cdn.sqhk.co/dasisogi/Zdgdrgf/zisubije.pdfIn PDF document text
- https://cdn.sqhk.co/wusirilunoko/highcEz/vizomupotipafop.pdfIn PDF document text
- https://cdn.sqhk.co/vegubefeno/hjibUjG/sakasozasofudixigonemi.pdfIn PDF document text
- https://cdn.sqhk.co/fewoxenovof/bbpigja/67519861884.pdfIn PDF document text
- https://cdn.sqhk.co/laruxibut/qjc3ghS/the_sims_freeplay_quest_life_dreams_and_legacies.pdfIn PDF document text
- https://cdn.sqhk.co/wepiwojeta/ij3hhgc/magic_sing_karaoke_machine_reviews.pdfIn PDF document text
- https://cdn.sqhk.co/jadidawa/Cblhb0z/facebook_login_help_call.pdfIn PDF document text
- https://cdn.sqhk.co/xewimoziwuvo/Z1n8QtW/bubble_tea_kit_for_home.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/8fe842df-9003-4915-a855-733438dd6362/qcy_qy8_bluetooth_pairing.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/6b0fc095-f51c-4088-9226-c9ddb9822302/hl-2270dw_drum_error.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/4cd29b9f-da2b-457e-a560-771f80022190/hp_laserjet_p3015_driver_for_windows_7_32_bit_free_download.pdfIn PDF document text
- https://71fc3d66-43b2-4ae0-adc3-dfbcdf8b5360.filesusr.com/ugd/6605a0_19346dd7cc8f4859a75f9d605dd7f6d2.pdf?index=trueIn PDF document text
- https://uploads.strikinglycdn.com/files/10fa8b16-be47-4d69-a776-f4d77864077f/python_learning_app_for_free.pdfIn PDF document text
- https://f579be4a-c2ec-451d-94ee-532237c06880.filesusr.com/ugd/9f6a24_5304b8c824bb4e1bbaae49e2d122e4be.pdf?index=trueIn PDF document text
- https://091a8774-b5bd-4fb7-8799-8d1ca0ca44ad.filesusr.com/ugd/8716ab_4997fe64e2ed483eb741e9f1ffd549bb.pdf?index=trueIn PDF document text
- https://uploads.strikinglycdn.com/files/d313dd74-ffac-49ac-b215-63bf0b2883c3/nojiz.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/7158c287-a299-4528-8e0b-889b2b72f4f0/lifetime_basketball_hoops_customer_service.pdfIn PDF document text
- https://c809e8a6-5bdf-489d-8d8c-df4e4638a115.filesusr.com/ugd/45a296_b9600d34a97d4f4b951156f983da4f6c.pdf?index=trueIn PDF document text
- https://uploads.strikinglycdn.com/files/c1f443ef-da68-44db-9d0d-eb21f25481a8/61377851956.pdfIn PDF document text
- https://006b50d4-ad2a-4261-8279-34542eb0d7b0.filesusr.com/ugd/a640e9_3b4b81fad630468b8cf45bc73cb8d85d.pdf?index=trueIn PDF document text
- https://uploads.strikinglycdn.com/files/a397b501-cbb3-4bb1-a897-32f70e2c1f9a/rapid_diagnostic_test_id_now_results_in_less_than_24_hours.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/b7568891-451a-469f-b65b-84e085f42a6f/73993013864.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/b8e24304-f361-4eeb-8d05-b06b029c902c/construction_project_manager_salary_austin_tx.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/032c4b22-db80-417a-b72d-8d22163af8b6/option_trading_strategies_book_india.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ddc3.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDDC3 | 5140 bytes |
SHA-256: 58f473496166b0cacc527b627ca74b39385dd9407eb509cc8e8310ae0523b60c |
|||
font_01_sfnt_off0000ef29.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEF29 | 10964 bytes |
SHA-256: 26d394ce98ddfd3cca3913aade682b9002ceef9a95cf0e2276578710081f9092 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.