MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a large number of external links, many of which are SEO-optimized and point to other PDF files, suggesting a link farm designed to attract traffic. One of the primary external links, https://irlanc.ru/pbw?utm_term=hacksaw+ridge+full+movie+free+download+openload, is likely a lure for malicious content. The ML classifier and ClamAV detection strongly indicate malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.9412
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL: https://irlanc.ru/pbw?utm_term=hacksaw+ridge+full+movie+free+download+openload
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000d5b2.bin bdbc3aa8bec6fd2dae5a802558935c3566d1a96a778cb915c0340a58c0ea6101 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD5B2 | 5652 bytes |