MALICIOUS
156
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains numerous external links, a common tactic for link farms and phishing sites, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The ClamAV detection and ML classifier strongly suggest malicious intent, specifically identified as 'Pdf.Phishing.Trojan'. The embedded URL points to a domain that is likely part of a phishing campaign, aiming to redirect users to malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9960
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://nomylo.ru/pbw?utm_term=average+atomic+mass+calculator+chemistry PDF link annotation
- https://static.s123-cdn-static.com/uploads/4466172/normal_5fee73726b527.pdfIn PDF document text
- https://tuvuneboginat.weebly.com/uploads/1/3/1/6/131606819/litikuzejapose-wosavosos.pdfIn PDF document text
- https://teroradibiz.weebly.com/uploads/1/3/4/6/134652159/fikiwo.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4467560/normal_5ff361919dfe6.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4465396/normal_5ff80eae865bd.pdfIn PDF document text
- https://vimosetadasosus.weebly.com/uploads/1/3/2/7/132740377/1bd5d.pdfIn PDF document text
- https://vegipojefatelon.weebly.com/uploads/1/3/4/8/134876486/1798781.pdfIn PDF document text
- https://static.s123-cdn-static-d.com/uploads/4417988/normal_60b66fcc8ec2b.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/2f06a36b-6fac-473d-9efd-e0e0db95f070/how_do_you_get_closed_caption_on_spectrum_remote.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/c84d4f3f-4511-4fe8-bce7-f07bd0f06476/what_is_the_purpose_of_a_letter_from_birmingham_jail.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/e489ff85-d84f-492b-8ef2-6ffc5e7d603a/does_stretching_relieve_sore_muscles.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/afe8b911-c413-42eb-a170-72b05c2cb1b5/excel_vba_if_statement_continue.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/418f1522-0559-47d3-aa11-68cf4d708d76/kenmore_70_series_washer_replace_lid_switch.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/9adb187e-7fef-4543-a2c2-e567239f6045/zisegifudete.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/45673907-77fc-46d1-9662-adb046bd0d33/sylvania_portable_dvd_player_car_charger.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/f7d34f5b-b380-44e9-bf37-e862aa5b1ab2/lepanozofaralukun.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/c4159c95-1844-40f5-8435-d226cb7fa7c8/9032167512.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/2348e702-e1ea-4c45-a8be-35bf55f1ec7c/msi_a78m-e35_usb_3.0_drivers.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/d54a2690-3c0f-442a-8e58-f602ba4e24a9/mulojebiparol.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/6dd22522-70df-4a40-9d1f-5d21d5616438/download_film_rudy_habibie_720p.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/aee7e9eb-faa8-49e5-b975-bb7006089b13/jubefawusonak.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/82568812-e0aa-4d36-ba0e-24b0164d6e28/69900710976.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/a8dbb78b-6615-445e-a3ac-927fefa29e51/yuka_le_guide_de_lalimentation_saine.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/a88f068c-73e9-4054-b0f2-c9cc3c5a1966/xatajabum.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/c03c1a7f-2f6e-4042-a178-eaf59793dd94/putuxu.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/00439ee7-62cc-4059-a80d-9c9a84871c77/2019_kawasaki_kx_100_price.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000edc7.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEDC7 | 5364 bytes |
SHA-256: 60c5458c6139165f66d8c78e616fbf032e857cff6f2ddf49b2418e325c2e9c3e |
|||
font_01_sfnt_off0000ffe4.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFFE4 | 10404 bytes |
SHA-256: 672dec2e37127f3082fe53c3a28120fd3776988fade7a733b4d0c1ce058889e7 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.