Verdict: MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file contains a large number of external links, many of which are disguised as educational resources. The heuristic 'PDF_SEO_LINK_FARM' indicates a mass of external PDF links, suggesting a link farm or redirection scheme. The ClamAV detection and ML classifier further support its malicious nature, likely serving as a phishing or redirection lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.7861
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f00e.bin 2576060e81e83b3ece0a15abd1b5a8b6a542793b4b3c93829391a0c41015bb73 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF00E | 5784 bytes |
| font_01_sfnt_off00010391.bin 254591fd0d8bb837ca93e6007df2d881882ca1f30998237cdb5d756f1a463856 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10391 | 11840 bytes |