MALICIOUS
Risk Score: 126
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged by ML classifiers and ClamAV as malicious, specifically as a phishing trojan. It contains numerous embedded URLs, with one prominent URL pointing to a domain that appears to be a link farm designed to redirect users. The document body, though heavily obfuscated, contains text related to 'Rca endeavor 10 hd android tablet reviews', suggesting a lure to trick users into visiting the malicious link. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF is a non-clustered link farm on disposable hosting [medium] PDF_SEO_DISPOSABLE_LINK_FARM: Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI [info] PDF_URI: PDF contains an external URL action
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://jumiwimov.ru/strik?utm_term=rca+endeavor+10+hd+android+tablet+reviews (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000eb22.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEB22 | 5520 bytes | 59f5936d5aab3277c34203da7b936344cdcc49374ea1ad241c9ce344ccb0dccd |
| font_01_sfnt_off0000fdf4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFDF4 | 11024 bytes | d33966d826fb19484e8ac1817b086198a7e4780bc2ff809bb2483985c8d32516 |