Verdict: MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK:
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains numerous external links, with a significant number pointing to potentially malicious domains, as indicated by the PDF_SEO_LINK_FARM heuristic. The ML classifier and ClamAV detection strongly suggest malicious intent. While no scripts were explicitly extracted, the presence of many external links suggests a phishing or malware distribution attempt, likely leveraging embedded JavaScript or other PDF exploits to redirect users.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://gimoguvi.ru/strik?utm_term=the+idea+of+communism+3 (PDF link annotation)
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00019188.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x19188 | 5048 bytes | 474bc8530b3876ed1bd36d2ba951242e66d92a46c5ec0d1b6ae452473ab5e464 |
| font_01_sfnt_off0001a290.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1A290 | 11456 bytes | c55f2cd30be62d420ef4e1bd1b279ea2b6030032dd6c0cc7274b3bba5f0adc3f |
| font_02_sfnt_off0001c8c1.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1C8C1 | 4324 bytes | 0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333 |