MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF file was detected as malicious by ClamAV and an ML classifier. It contains numerous links to external websites, many hosted on compromised WordPress sites, suggesting a link farm or phishing lure. The document body, though heavily obfuscated, appears to be a decoy, likely intended to trick users into clicking the embedded links which may lead to further malicious content or malware downloads.
Machine Learning
- Nyx PDF Classifier malicious score 0.7443
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
PDF link farm points to compromised-WordPress upload storage medium PDF_COMPROMISED_CMS_UPLOAD_LINK_FARMPDF contains multiple clickable links, across many distinct hosts, whose targets are random-slug files parked in the upload directories of vulnerable WordPress form plugins (FormCraft, Super Forms). This is the hallmark of the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains hosted on compromised sites. The PDF itself carries no exploit — the risk is the linked destinations.
-
Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARMSmall PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://archism.ru/uplcv?utm_term=amoeba+sisters+video+recap+of+mutations+updated+worksheet+answer+key
- http://mgmkt.com.br/wp-content/plugins/formcraft/file-upload/server/content/files/160afc27e49b45---zigower.pdf
- http://terapie-psi.ro/wp-content/plugins/formcraft/file-upload/server/content/files/160851b3a034f6---74643251127.pdf
- http://nakatka.com/files/file/64365369306.pdf
- https://trichynext.com/wp-content/plugins/super-forms/uploads/php/files/c68843faddda0cd48c0c43c3ce8be30b/rolekodeg.pdf
- https://srp-galabau-rostock.de/wp-content/plugins/super-forms/uploads/php/files/9qdq335q4r28l33gr0rqkd3tu2/vakesademeje.pdf
- http://bestforfishing.com/wp-content/plugins/super-forms/uploads/php/files/47955ee89c804432a06f6dda74079a9b/49049330122.pdf
- http://www.lightingandhvacexpo.com/wp-content/plugins/super-forms/uploads/php/files/57f69f29f207fb621975a8ba40d8c588/novevopigalewisagevapos.pdf
- http://allmedicus.com/userfiles/file/48260649568.pdf
- https://www.foundationofhope.org/wp-content/plugins/formcraft/file-upload/server/content/files/1607cbb2b330e7---sobatevokiwotawotupabu.pdf
- http://aite-materials.com/upfiles/file/xonafetozazeditupufowukom.pdf
- https://controlcert.se/wp-content/plugins/formcraft/file-upload/server/content/files/160908cb392458---34948776397.pdf
- https://www.truesdalepainting.com/wp-content/plugins/formcraft/file-upload/server/content/files/160ae02b45573e---setivijejex.pdf
- https://law.myvzl.com/wp-content/plugins/super-forms/uploads/php/files/h84q8dj5l6b5fst0ho6n1iic3o/mudabot.pdf
- http://drinkandshrink.co.uk/wp-content/plugins/formcraft/file-upload/server/content/files/1607a3eef53e31---77020413189.pdf
- https://rmissio.pl/wp-content/plugins/formcraft/file-upload/server/content/files/1609f97e6067ba---wikes.pdf
Open this report in the interactive analyzer, or submit your own file for analysis.