MALICIOUS
156
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a link farm designed to redirect users to malicious sites, masquerading as a song download. The heuristic PDF_SEO_LINK_FARM and the presence of numerous external links, including the primary malicious URL, strongly indicate a phishing or redirection attempt. The ML classifier and ClamAV detection further support the malicious nature of this document.
Machine Learning
- Nyx PDF Classifier malicious score 0.9877
Heuristics 5
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://jumiwimov.ru/strik?utm_term=pyar+kiya+to+nibhana+mp3+song+download+raagsong
- https://davovexo.weebly.com/uploads/1/3/4/3/134355956/aad68fdc25e39.pdf
- https://temizugejifo.weebly.com/uploads/1/3/1/3/131384470/cf8d12edc422ed.pdf
- https://rigagebefizo.weebly.com/uploads/1/3/4/6/134631069/natipoditujuroli.pdf
- https://vojufeluwa.weebly.com/uploads/1/3/2/6/132681665/faruxadumapo-kovupuvodedoged-wubibikamuboz-gejuj.pdf
- https://gidafefutor.weebly.com/uploads/1/3/4/0/134040883/bowud.pdf
- https://tavadubamik.weebly.com/uploads/1/3/4/4/134473349/rezolunig_zaxiju_taladekemif_mivuzap.pdf
- https://masagefila.weebly.com/uploads/1/3/4/5/134505888/tipegulovixobetir.pdf
- https://fukuperuka.weebly.com/uploads/1/3/4/8/134883813/ba8b5c7cc408.pdf
- https://satewode.weebly.com/uploads/1/3/1/4/131407014/zitirudugulaj.pdf
- https://sogitinavebifi.weebly.com/uploads/1/3/5/4/135400198/satatoxoziku_jorenikinurime_fevozodasabokaw.pdf
- https://sovawetozinunur.weebly.com/uploads/1/3/1/4/131407226/sexapanorefadaz-xupiwezogafuf-xesalasaxezeb.pdf
- https://buzolemego.weebly.com/uploads/1/3/5/3/135393469/1886413.pdf
- https://rozinefowo.weebly.com/uploads/1/3/4/5/134576391/bc5709807a3.pdf
- https://kejopawilut.weebly.com/uploads/1/3/4/7/134709951/360486.pdf
- https://jifimarug.weebly.com/uploads/1/3/5/3/135319291/1b41bf9cad.pdf
- https://nikotegonekis.weebly.com/uploads/1/3/4/6/134628666/wutajalumave.pdf
- https://rapelolizoxofi.weebly.com/uploads/1/3/1/3/131381924/6603893.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://fedorahosted.org/lohit
- https://uploads.strikinglycdn.com/files/5cfe8e2b-1d42-44cd-bd4c-56934d8dbbda/diablo_3_crusader_thorns_build_season_16.pdf
- https://s3.amazonaws.com/netinuwa/halo_wallpaper_4k_android.pdf
- https://uploads.strikinglycdn.com/files/d1d09cb8-ae81-4fea-9ec4-1c92ea279d24/gogugatepokijapagozob.pdf
- https://s3.amazonaws.com/foneniz/video_er_professional_3._2._8.pdf
- https://uploads.strikinglycdn.com/files/e8c1482a-8bf3-4ffa-8b1c-964242a64c03/pifegebo.pdf
- https://s3.amazonaws.com/lezerawe/catalogo_truper_2017_distribuidor.pdf
- https://s3.amazonaws.com/kesumasaka/libro_el_cerebro_del_nio.pdf
- https://uploads.strikinglycdn.com/files/442fd63e-f67e-4f7e-80aa-40c8e83d5103/pose_book_free_download.pdf
- https://uploads.strikinglycdn.com/files/164b8c69-bd00-4755-992b-08fec9e34a9a/the_perfect_law_of_liberty_kjv.pdf
- https://s3.amazonaws.com/vovuzize/tewexuruwid.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
- http://dejavu.sourceforge.net
- http://dejavu.sourceforge.net/wiki/index.php/License
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000e5dc.binf27d34dafaf23f7d14df951d52efe29d683a3939badfc2f29a236202eceac283 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE5DC | 5936 bytes |
font_01_sfnt_off0000f9ef.bindffe70fd672008162e1fd54da5da0087689bf5e798e439c5e899cf79c4fc5670 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF9EF | 2352 bytes |
font_02_sfnt_off0001044b.bine0adab775f5f552945b898969fe67560a0c17c386a7c4184287b9061dbd6e4e1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1044B | 11440 bytes |
font_03_sfnt_off00012b00.bin5df9a924020f3b47f20d23ec22d8572383feb6ad42681b2b1a3175c3053cc5e6 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x12B00 | 16132 bytes |
font_04_sfnt_off00014032.bin872dc0a863c403c88f5ced49af9917bbeab41fb49fb4bcdcf0bf43ca694dab0b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x14032 | 4352 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.