MALICIOUS
156
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a significant number of external links, as indicated by the PDF_SEO_LINK_FARM heuristic. One of these links, 'https://archism.ru/pbw?utm_term=gta+namaste+america+for+android', is flagged as unknown reputation, suggesting a potential phishing or malicious redirection attempt. The ML classifier and ClamAV also strongly indicate maliciousness, consistent with a phishing or spamming campaign.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://archism.ru/pbw?utm_term=gta+namaste+america+for+android PDF link annotation
- https://cdn-cms.f-static.net/uploads/4456119/normal_605a6a469912a.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4504568/normal_6044222e31200.pdfIn PDF document text
- https://beripetalodewug.weebly.com/uploads/1/3/4/8/134865824/mugowagovixete.pdfIn PDF document text
- https://ralokokotozupar.weebly.com/uploads/1/3/4/3/134340958/nilasevinipese_ratodabixa_witupexukuberer.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4489058/normal_5fceb7759a0cb.pdfIn PDF document text
- https://vesodebeso.weebly.com/uploads/1/3/4/3/134314426/4770ef8111d.pdfIn PDF document text
- https://junanopawakeza.weebly.com/uploads/1/3/3/9/133999625/e800d401f1f.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4411691/normal_6031b25eb379c.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4402262/normal_5feb3c0ca720a.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4379618/normal_5fe3bfd2ac36e.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4366033/normal_60085e6436ece.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4367937/normal_605a701091ba1.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/b34ab97b-76d7-4654-941a-eeadf0785c7e/metal_gear_solid_1_female_characters.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/a49f9c42-e499-4df3-b1f6-37fe9973ba41/26020156615.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/b81d13f2-33ff-47f8-991c-7bdb8f3d2a0b/nuriwiridaxeridow.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/233afc9a-8252-41a6-814f-5a3df92a4537/coleman_evcon_heater_parts.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/1e3a3676-48e2-477a-819a-50020dac9b01/ariston_gas_cooker_instructions.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/34d433a1-9f3a-4a09-b2f0-08fe7c71485b/2429979355.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/3915fe65-65d9-4c68-82cc-418979eaddf8/dell_optiplex_780_graphics_drivers_windows_10_64_bit.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/ee34acc6-8c0b-4d5a-ba83-198bc1e915a0/diluzolive.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
- http://dejavu.sourceforge.netIn PDF document text
- http://dejavu.sourceforge.net/wiki/index.php/LicenseIn PDF document text
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000e672.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE672 | 5164 bytes |
SHA-256: 062f06ab603f8db94f8f5c1fa4fc5ec184be5a2c50764b7b96817be9fc24a8e9 |
|||
font_01_sfnt_off0000f7ea.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF7EA | 4428 bytes |
SHA-256: 995de9adae916075b66afd76b215c63d41758244cb7e36b0581bac1625379901 |
|||
font_02_sfnt_off00010808.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10808 | 11384 bytes |
SHA-256: 447b85c15f17da4e929ec273465b3a2a528caa5d94bf0c94d7c0fb016409f56b |
|||
font_03_sfnt_off00012f42.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x12F42 | 16204 bytes |
SHA-256: a95eff378c135b1ab40d10b3cd1da1bafbc07f86005f57898d079c90d712ddbd |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.