MALICIOUS
Risk Score: 186
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 6
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL
- https://resalured.ru/award?keyword=how+to+read+a+diehard+12+volt+battery+charger (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000ccff.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCCFF | 5560 bytes | 505f7aa576a1177649bdc66bbff861bdb7ea3b3250fc985d35655403f22e552a |
| font_01_sfnt_off0000e004.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE004 | 9800 bytes | 263290e231e16cca0e9c4600fe69724519acbd48435738066879a75144b77734 |