MALICIOUS
Risk Score: 184
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF file was flagged as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. It contains a large number of external links, many pointing to disposable domains, suggesting a link farm used for SEO manipulation or to redirect users to malicious sites. The presence of embedded URLs and the overall structure strongly suggest this PDF is part of a phishing or malware distribution campaign.
Machine Learning
- Nyx PDF Classifier malicious score 0.8358
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://zajinet.ru/strik?utm_term=what+is+c3+c4+and+cam+plants (PDF link annotation)
Extracted artifacts (1)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000deda.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDEDA | 5484 bytes |

SHA-256: b81bb725cfeddea87acdba230e507358e036dcaecb582734484b3b508d7a399d