MALICIOUS
252
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
This PDF file functions as a lure, masquerading as a free brand identity manual template to entice users to click on malicious links. It employs a link farm strategy, directing users through a redirector to further malicious PDF content, likely to download additional payloads or phish for credentials. The ML classifier and ClamAV detection strongly indicate malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.7516
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Image lure linking to an SEO redirector (free-download phishing) high PDF_SEO_UTM_REDIRECTOR_LINKPDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://traffine.ru/aws?utm_term=brand+identity+manual+free+template In PDF document text
- https://site-1177113.mozfiles.com/files/1177113/47155742957.pdfIn PDF document text
- https://cdn.sqhk.co/numokafas/ieifhhx/snowball_drag_the_balls_in_a_snowball_fight.pdfIn PDF document text
- https://site-1171661.mozfiles.com/files/1171661/56399671060.pdfIn PDF document text
- https://cdn.sqhk.co/delojiwuguj/yNHfidI/89009210866.pdfIn PDF document text
- https://site-1166673.mozfiles.com/files/1166673/disposable_face_masks_near_me_for_sale.pdfIn PDF document text
- https://cdn.sqhk.co/pegidago/s3pKEhc/50904466920.pdfIn PDF document text
- https://site-1175580.mozfiles.com/files/1175580/parezuruluromemirolozeko.pdfIn PDF document text
- https://cdn.sqhk.co/bovokolel/dRahghi/90511066466.pdfIn PDF document text
- https://cdn.sqhk.co/zarudaletok/ucgcBQO/find_my_landroid_gps.pdfIn PDF document text
- https://dawemewi.weebly.com/uploads/1/3/4/7/134747996/923376.pdfIn PDF document text
- https://cdn.sqhk.co/sileluzorupo/hehegcC/mhw_builder_lite.pdfIn PDF document text
- https://cdn.sqhk.co/kerutadit/eihghge/winter_warlock_quotes.pdfIn PDF document text
- https://cdn.sqhk.co/gufezitaxato/2ExaSyq/nuzawavizavo.pdfIn PDF document text
- https://s3.amazonaws.com/tutasujal/18374120270.pdfIn PDF document text
Open this report in the interactive analyzer, or submit your own file for analysis.