Verdict: MALICIOUS
Risk Score: 156

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript

Malware Insights
The PDF contains a large number of external links, with one heuristic specifically identifying it as a 'PDF_SEO_LINK_FARM'. The primary URL, 'https://soxebez.ru/123?utm_term=bucaneras+con+plataforma+elastizadas', is likely used for phishing or to host malicious content. The ML classifier and ClamAV detection strongly indicate malicious intent, classifying it as a phishing trojan.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9998
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware under the signature name above.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://soxebez.ru/123?utm_term=bucaneras+con+plataforma+elastizadas (PDF link annotation)
Extracted artifacts (3)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000e64a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE64A | 5400 bytes | 746ffff7e08e758a2e7d219c6bc2cda9a3c9f2daaf6c2295862babd8ef5536f8 |
| font_01_sfnt_off0000f89b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF89B | 12928 bytes | 2c7119cf382e45a2a9dbd69da503982256ccc7197bf7614a9bbe980e3eb5eba5 |
| font_02_sfnt_off00012277.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12277 | 16204 bytes | 31aa257675234f953cb39254c73a0c002637764ec2691c470e0912636c3685cf |