MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by ClamAV as Pdf.Phishing.Trojan and a machine learning classifier indicated a high probability of maliciousness. It contains a large number of external links, suggesting a link farm or SEO manipulation tactic. The primary malicious URL identified is zajinet.ru, which is likely used to host or redirect to further malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI [info] PDF_URI: PDF contains an external URL action
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://zajinet.ru/123?utm_term=amathanna+sujan+fernando+song (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000d63f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD63F | 5352 bytes | 88f0b083715f6f6aa8d8d55f10cdd71ef091f566f72920ff6a0f1488dbdd4d13 |
| font_01_sfnt_off0000e84f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE84F | 11384 bytes | c4729a66abb28bbd139fa63ec7820412b20c8ae68bec83acb23236e5c2439a56 |