MALICIOUS
156
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://mezovuduw.ru/award?keyword=all+thread+size+chart+pdf PDF link annotation
- https://sixalusizefew.weebly.com/uploads/1/3/1/3/131378898/e9cfb3.pdfIn PDF document text
- https://cdn.sqhk.co/vuxevabuvix/fgjtA0p/pibuduraferakalajijuvose.pdfIn PDF document text
- https://cdn.sqhk.co/mudemodox/aFiaJuY/kasipikiwisaluvo.pdfIn PDF document text
- https://sexanugujox.weebly.com/uploads/1/3/4/2/134266496/rolipubewaj.pdfIn PDF document text
- https://cdn.sqhk.co/ledivure/gdjg9hc/41960482075.pdfIn PDF document text
- https://cdn.sqhk.co/mujawiru/jh3JDPx/australian_curriculum_information_report_rubric.pdfIn PDF document text
- https://cdn.sqhk.co/mupalewefe/EHDieNi/wokefewig.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://s3.amazonaws.com/wavunot/what_type_of_government_did_the_soviet_union_have_during_world_war_2.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/571d0691-f3c1-48ed-85ea-bb4e9e410b7e/85772891288.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/82434f0e-451c-4651-ac3c-8b3483419cde/how_to_cleanse_scalp_at_home.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/7a19e323-2ac6-463c-b498-3391ae510222/97183161394.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/590e935f-9d4c-491a-80ce-6de669b2e407/the_narrative_life_of_frederick_douglass.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/b7701cf0-1976-4815-8a43-228b8ab3752e/wikugozaf.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/1c2f69aa-5cee-4a9f-9d92-7b12fb3c9577/how_much_to_hire_a_carpet_cleaning_machine.pdfIn PDF document text
- https://s3.amazonaws.com/suxiweke/51427044816.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/174edee3-5af8-4e83-bfb9-2223485af6bc/sejizajoguzeg.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/46fa0d9f-0635-4889-a3a2-e6fee62d9781/toro_personal_pace_mower_drive_cable.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/25288961-7939-4fa5-aa60-1af86d81575a/16460712781.pdfIn PDF document text
- https://s3.amazonaws.com/fonazuzixagizir/91719473335.pdfIn PDF document text
- https://s3.amazonaws.com/xubifupi/massey_ferguson_135_for_sale_yorkshire.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/0f941340-f3c3-4214-8c74-9b5abfe6603b/fumamujomawanifisofi.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0001082c.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1082C | 5284 bytes |
SHA-256: 75b8d92bf89974e80d824f0c725d2229e40e23a45b212335403037660906370f |
|||
font_01_sfnt_off00011a2a.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x11A2A | 10332 bytes |
SHA-256: 37372bb29c18f3e9224460b5dc2ebecf1721165d09d46420355550aa8b74522b |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.