MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file contains numerous external links, suggesting a link farm or phishing attempt. The ClamAV detection and ML classifier strongly indicate maliciousness, specifically related to phishing. The embedded URL and the document body's deceptive content point towards a lure to download content, likely leading to further malicious activity.
Machine Learning
- Nyx PDF Classifier malicious score 0.9994
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://nipisod.ru/strik?utm_term=hansel+and+gretel+2007+full+movie+download (PDF link annotation)
Extracted artifacts (4)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00010d93.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10D93 | 3704 bytes | cf544c203591dae5bc813ef76e714c40f1e3e1708f701038ff57ce02912d4bf7 |
| font_01_sfnt_off00011adc.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11ADC | 5576 bytes | b021c83c7ed56c1fad7ba005e12d08763b4ecef113fd5592407892118861406c |
| font_02_sfnt_off00012dc9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12DC9 | 11880 bytes | 5b8dad4e8a427c7f46563397a28d5b444d0183daaf4ee5a3464b308496d988c1 |
| font_03_sfnt_off000155be.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x155BE | 4324 bytes | cd94ef65598b1866d0653cdd88243d989fd81359c0e770c2d3a4858f1c2f6d34 |