Verdict: MALICIOUS
Risk Score: 244
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains embedded links, one of which prominently points to a suspicious domain (`crophysi.ru`) that is flagged as a malicious redirector. The document body, though heavily obfuscated, suggests a lure related to 'IELTS general speaking test samples'. The large number of links and the ML classifier's high confidence score indicate malicious intent, most likely redirecting users to phishing or malware-hosting sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9990
Heuristics 6
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (severity: critical, rule: `CLAMAV_DETECTION`)
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- PDF links to known malicious redirector infrastructure (severity: critical, rule: `PDF_MALICIOUS_REDIRECTOR_LINK`)
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (severity: critical, rule: `PDF_SEO_LINK_FARM`)
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Small PDF is a non-clustered link farm on disposable hosting (severity: medium, rule: `PDF_SEO_DISPOSABLE_LINK_FARM`)
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- Object number defined twice with different bodies (severity: info, rule: `PDF_DUPLICATE_OBJ_BODY_INCREMENTAL`)
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (severity: info, rule: `EMBEDDED_URL`)
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://crophysi.ru/award?keyword=ielts+general+speaking+test+samples+with+answers+pdf (in PDF document text)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0001c49c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1C49C | 5548 bytes | 991d34b098588f6ee1b1eab7599efcb4e72b702feb5d45e891c5c28ec63a772b |
| font_01_sfnt_off0001d766.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1D766 | 11000 bytes | b10476ede51b1503daa5feaff744e80f3a56cb44a0479faf950d4ae5091bafd9 |