MALICIOUS
182
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains embedded links, with one specifically pointing to 'https://yafferge.ru/strik?utm_term=how+to+install+directv+to+firestick', which is flagged as a malicious redirector. The document body, though heavily obfuscated, contains text related to 'how to install directv to firestick', suggesting a lure. The presence of multiple links on disposable hosting and a high ML classifier score further support its malicious nature.
Machine Learning
- Nyx PDF Classifier malicious score 0.9782
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARMSmall PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://yafferge.ru/strik?utm_term=how+to+install+directv+to+firestick In PDF document text
- http://xanejog.medianewsonline.com/44370237673.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4490547/normal_6007c495d1ce9.pdfIn PDF document text
- http://lubevos.scienceontheweb.net/78936509482.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4423189/normal_602ecc176417e.pdfIn PDF document text
- https://tujarabevazedi.weebly.com/uploads/1/3/4/2/134235746/e3a64653d267c3.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4379363/normal_605d7a1aa36ea.pdfIn PDF document text
- https://gasaromub.weebly.com/uploads/1/3/0/7/130776100/zadul.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4401559/normal_6017b7ae45f7a.pdfIn PDF document text
- https://munelexogetajax.weebly.com/uploads/1/3/1/4/131437313/73f1fcdaa4.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4405662/normal_5fe84149801df.pdfIn PDF document text
- http://xijulefabogi.getenjoyment.net/star_spangled_banner_alto_sax.pdfIn PDF document text
- http://fuxunowelujuxa.atwebpages.com/oxford_bookworms_library_starter_robin_hood.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/d74404e5-ae39-4d2a-826a-e090ee1a9a29/39914656720.pdfIn PDF document text
- https://s3.amazonaws.com/muvazi/best_python_tutorial_for_beginners.pdfIn PDF document text
- https://s3.amazonaws.com/werowibovezoje/91025227691.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/23e05ec0-672d-4abc-849f-3bbd8ed2fc1d/bevibimo.pdfIn PDF document text
- https://s3.amazonaws.com/pezofut/52209995871.pdfIn PDF document text
- http://sinusisokopex.atwebpages.com/bulosoromavutenifag.pdfIn PDF document text
- https://s3.amazonaws.com/jitimesolagun/how_long_ago_was_the_bible_book_of_job_written.pdfIn PDF document text
- http://zonurupadul.atwebpages.com/kukenagasiwivakozot.pdfIn PDF document text
- http://sawesupunozigiv.atwebpages.com/rogebigom.pdfIn PDF document text
Open this report in the interactive analyzer, or submit your own file for analysis.