Verdict: MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL: https://golowaki.ru/strik?utm_term=saeco+aroma+espresso+machine+canada (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000107ea.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x107EA | 5384 bytes | 75ffa6157ceeabb835b1d08559fcd7d3aa7104bc8f06d62f0c129f8fe969ed0c |
| font_01_sfnt_off00011a0f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11A0F | 11480 bytes | 0a5345696115e5d39cf03504dbc452965de243b1329d06cc82925c2e2aebdc2e |