MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains numerous external links, many of which are likely part of a link farm designed to improve search engine rankings for scam-related keywords. The primary malicious URL identified is "https://crophysi.ru/award?keyword=psaume+pour+attirer+largent+pdf", suggesting a phishing or financial scam lure. While no scripts were extracted, the PDF structure and extensive linking indicate a malicious intent to redirect users to potentially harmful websites.
Machine Learning
- Nyx PDF Classifier malicious score 0.6073
Heuristics 4
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://crophysi.ru/award?keyword=psaume+pour+attirer+largent+pdf
- http://dasaburaxad.22web.org/josifewuxobawirebu.pdf
- http://puwonasomoso.22web.org/gojosekewubojetev.pdf
- https://uploads.strikinglycdn.com/files/b47be556-dfaa-4899-b419-7c6eed7bce39/nj_motor_vehicle_driver_testing_center.pdf
- https://uploads.strikinglycdn.com/files/51097810-f52b-46fd-b80d-71f4882dd26f/how_many_calories_in_arbys_potato_cakes.pdf
- https://uploads.strikinglycdn.com/files/474a70ed-6e28-40d5-8642-c309c4af9188/63863953448.pdf
- https://s3.amazonaws.com/nuxepiduded/bubble_shooter_5_apkpure.pdf
- https://uploads.strikinglycdn.com/files/78dcb7ac-77bf-4043-86ae-09faecd2b393/21828601594.pdf
- https://s3.amazonaws.com/xamibebulosaxug/disney_world_parade_2020.pdf
- https://uploads.strikinglycdn.com/files/c7887218-b06c-49fc-b1c8-ed9fdf6ae7d2/50960211547.pdf
- https://s3.amazonaws.com/xidulumexi/41459735260.pdf
- https://uploads.strikinglycdn.com/files/eec4fca5-0451-40d5-a910-ef03b53cc6d0/what_is_free_parking_in_monopoly_electronic_banking.pdf
- http://polopurug.rf.gd/67650553840.pdf
- http://xopalotopobeda.rf.gd/ledelopakedefuxavijaxu.pdf
- https://34ea5197-a9e9-4ba5-99bb-a7dd7aeba98b.filesusr.com/ugd/234f58_16cc0834e1e04d5396c48cf785ce1f89.pdf?index=true
- https://uploads.strikinglycdn.com/files/62dc385c-247c-41ad-9b96-a0a69dd6d3d3/what_is_ap_studio_art_2d.pdf
- https://s3.amazonaws.com/nerugiraxura/zuzetuz.pdf
- https://s3.amazonaws.com/lepefi/loan_application_form_sample_word.pdf
- https://69b12d55-863e-458e-a545-ad358ed6bd1a.filesusr.com/ugd/a9642c_5ca60950451c45bf8e6e866a1d37bca0.pdf?index=true
- https://uploads.strikinglycdn.com/files/f05ba448-771c-4efb-bdf6-4c90b46e7a38/41689675088.pdf
- https://s3.amazonaws.com/zoromexemuzid/firanigujexow.pdf
- https://s3.amazonaws.com/bagisi/37088224621.pdf
- https://s3.amazonaws.com/bevarolimesale/it_s_a_wonderful_afterlife_movie.pdf
- https://s3.amazonaws.com/xumakomowi/two_letter_blends_phonics_worksheets.pdf
- https://s3.amazonaws.com/tobobowu/sony_str-k502p_service_manual.pdf
- https://uploads.strikinglycdn.com/files/5c15398e-f1e6-4ebf-9ad1-c15d366120df/how_to_replace_viking_range_knobs.pdf
Open this report in the interactive analyzer, or submit your own file for analysis.