MALICIOUS (Risk Score: 154)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The file was detected as a malicious PDF by ClamAV and ML classifiers, indicating it is likely a phishing or trojan delivery mechanism. Several heuristics point to the PDF acting as a link farm, directing users to various compromised or disposable hosting sites, such as http://terezmisszio.eu/files/file/nokixuji.pdf. While no scripts were directly extracted, the PDF structure and heuristic firings suggest it is designed to exploit users by redirecting them to malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.5222
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- PDF link farm points to compromised-WordPress upload storage [medium] PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM: PDF contains multiple clickable links, across many distinct hosts, whose targets are random-slug files parked in the upload directories of vulnerable WordPress form plugins (FormCraft, Super Forms). This is the hallmark of the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains hosted on compromised sites. The PDF itself carries no exploit; the risk is the linked destinations.
- Small PDF is a non-clustered link farm on disposable hosting [medium] PDF_SEO_DISPOSABLE_LINK_FARM: Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
- External URI [info] PDF_URI: PDF contains an external URL action
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.