MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
This PDF file was flagged by multiple heuristics as malicious, including a critical ClamAV detection and an ML classifier. It contains a link farm pointing to compromised WordPress upload storage, likely intended to redirect users to phishing or malware sites. The embedded URLs and the nature of the heuristics suggest a phishing or credential harvesting campaign.
Machine Learning
- Nyx PDF Classifier malicious score 0.9758
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- PDF link farm points to compromised-WordPress upload storage (severity: medium, rule: PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM). PDF contains multiple clickable links, across many distinct hosts, whose targets are random-slug files parked in the upload directories of vulnerable WordPress form plugins (FormCraft, Super Forms). This is the hallmark of the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains hosted on compromised sites. The PDF itself carries no exploit — the risk is the linked destinations.
- Small PDF is a non-clustered link farm on disposable hosting (severity: medium, rule: PDF_SEO_DISPOSABLE_LINK_FARM). Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (severity: info, rule: PDF_URI). PDF contains an external URL action.
- Embedded URL (severity: info, rule: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ketchas.ru/uplcv?utm_term=stick+warfare+blood+strike+codes+apk (PDF link annotation)