MALICIOUS
Risk Score: 124
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains an embedded URI pointing to a URL that promises a "temple run 2 money hack". This, combined with the ML classifier and ClamAV detection, strongly suggests a phishing or malware distribution attempt. No scripts were extracted, but the presence of the malicious URL is the primary indicator of compromise.
Machine Learning
- Nyx PDF Classifier malicious score 0.9920
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://queure.ru/pbw?utm_term=temple+run+2+money+hack (PDF link annotation)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000ece0.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xECE0 | 5244 bytes |

SHA-256: d2199f60fb7726b51d26f5ef0dff7db5a6c7b22e8e7f55c80a6202c11f8ba1a9