MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF file was detected as malicious by ClamAV and ML classifiers, and contains a large number of external links, characteristic of a link farm or phishing campaign. The document body, though heavily obfuscated, suggests a lure related to educational materials. The presence of embedded URLs indicates an attempt to redirect the user to potentially malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.7291
Heuristics 4
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://medvor.ru/pbw?utm_term=worksheet+on+nouns+for+class+6
- https://static.s123-cdn-static.com/uploads/4411493/normal_5fcebe75a9578.pdf
- https://cdn-cms.f-static.net/uploads/4418379/normal_606d2d0170ac9.pdf
- https://cdn-cms.f-static.net/uploads/4408990/normal_605fd4882fee0.pdf
- https://cdn-cms.f-static.net/uploads/4390071/normal_602e0ebfcbeae.pdf
- https://cdn-cms.f-static.net/uploads/4465277/normal_5fd163cfcbff7.pdf
- https://cdn-cms.f-static.net/uploads/4383327/normal_5fd844b7cfd8b.pdf
- https://cdn-cms.f-static.net/uploads/4412763/normal_60c13abea80a4.pdf
- https://cdn-cms.f-static.net/uploads/4416928/normal_60181cdc799e5.pdf
- https://cdn-cms.f-static.net/uploads/4383807/normal_601917b255ba0.pdf
- https://gaburizopa.weebly.com/uploads/1/3/1/4/131438784/8bdf057f60a.pdf
- https://cdn-cms.f-static.net/uploads/4383804/normal_602c826951b8c.pdf
- https://static.s123-cdn-static-d.com/uploads/4415080/normal_60b71d3d3aeb8.pdf
- https://xuwazoleludike.weebly.com/uploads/1/3/4/3/134325396/8f73dd47.pdf
- https://cdn-cms.f-static.net/uploads/4370555/normal_6014dba99d071.pdf
- https://static.s123-cdn-static.com/uploads/4481065/normal_5ff7d987b3b72.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://xifatarege.pbworks.com/w/file/fetch/144684450/my_t_mobile_not_working.pdf
- https://uploads.strikinglycdn.com/files/f417c3e1-c0c1-4204-9bad-dd5423a8a0a0/lucky_leprechaun_half-life_problems_answer_key.pdf
- http://poforezufovu.pbworks.com/w/file/fetch/144459528/similarity_and_proportions_worksheet_answers.pdf
- https://uploads.strikinglycdn.com/files/b96efe03-a36d-47f9-a0e3-d27ab5cd59c0/68383494383.pdf
- https://uploads.strikinglycdn.com/files/bbb79a30-e8c2-4126-b01e-4407895592fb/6615190416.pdf
- http://gosirata.pbworks.com/w/file/fetch/144708165/jolobutigovivif.pdf
- http://kedetuwi.pbworks.com/f/florida_drivers_license_template_psd_free.pdf
- https://uploads.strikinglycdn.com/files/7565c629-537c-4b71-8105-f4f465271dbb/8897226235.pdf
- http://mituxap.pbworks.com/w/file/fetch/144966246/beauty_plus_old_version_2019_download.pdf
- https://uploads.strikinglycdn.com/files/b1a15769-3297-4343-ba78-45da80a25d4b/is_operations_research_hard.pdf
- http://scripts.sil.org/OFL
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000e701.bin0cf65b3d53a7680e26351ee0857f87e6e47fdce398d52481e38893af52668722 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE701 | 5200 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.