MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a large number of external links, many of which are to SEO-optimized PDF documents, indicating a link farm. One of these links, 'https://botokaw.ru/strik?utm_term=mini+militia+unlimited+ammo+and+boost+app+download', is flagged as malicious and likely serves as the primary lure for a malicious application download. The ML classifier and ClamAV detection strongly support the malicious nature of this file.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL https://botokaw.ru/strik?utm_term=mini+militia+unlimited+ammo+and+boost+app+download (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000101c8.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x101C8 | 5248 bytes |
| SHA-256: 07cd201b506ef1340b9c33376f556d7678141bbf48cf385c1c6e5d4d9f9495a4 | | | |
| font_01_sfnt_off000113a4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x113A4 | 10796 bytes |
| SHA-256: 86ec82a5ca6b66112061900a39b72a35d3721488d6f36af24d747a8feeebc8ae | | | |