Verdict: MALICIOUS
Risk Score: 186
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF file contains a large number of external links, many hosted on disposable domains, suggesting a link farm or SEO spam operation. The primary malicious URL identified is https://midufefew.ru/strik?utm_term=delta+monitor+shower+faucet+set+screw+size, which is likely used to redirect users to malicious content or phishing pages. The ClamAV detection and ML classifier further support its malicious nature, indicating it is a phishing or trojan delivery mechanism.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics (6)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs (channel in parentheses)
- https://midufefew.ru/strik?utm_term=delta+monitor+shower+faucet+set+screw+size (PDF link annotation)
- http://rafupofamurawaf.mygamesonline.org/vugutomezafivon.pdf (in PDF document text)
- https://kusipujetaz.weebly.com/uploads/1/3/4/4/134462876/baxegufavufoxumarodu.pdf (in PDF document text)
- https://kazigujexumakul.weebly.com/uploads/1/3/4/3/134320364/poparofimuz-gunedise-kidoz.pdf (in PDF document text)
- https://nunajamedagafep.weebly.com/uploads/1/3/5/3/135325778/jefitagimuditot.pdf (in PDF document text)
- http://datab.vip/missing_411_books_online22970.pdf (in PDF document text)
- http://mamafiposorugul.sportsontheweb.net/relentless_avenger_dnd_5e.pdf (in PDF document text)
- https://mixuvuweti.weebly.com/uploads/1/3/1/4/131483588/b78ca.pdf (in PDF document text)
- http://adminhalil.com/95319703711ztz33.pdf (in PDF document text)
- http://reawolt.online/fashion_war_classic_vs_hipster_mod_apk3y0w1.pdf (in PDF document text)
- http://www.ascendercorp.com/ (in PDF document text)
- http://www.ascendercorp.com/typedesigners.html (in PDF document text)
- https://8eb0ff2f-1b5f-41fb-a82b-bf279dc7f43e.filesusr.com/ugd/868f76_1098715ee5854c91820d22ca15bfe1ae.pdf?index=true (in PDF document text)
- https://88749095-6fd7-453f-8e8a-15b48fe47dd1.filesusr.com/ugd/e4d7df_a88caa3ea07747d3b7bfdb808ca332ac.pdf?index=true (in PDF document text)
- https://80c8fd16-4cf8-4f9f-b52b-d6c956df8f3b.filesusr.com/ugd/1a94e8_7279d7d43cbb4858be42f54b50f26220.pdf?index=true (in PDF document text)
- http://furunes.onlinewebshop.net/physics_principles_and_problems_chapter_16_study_guide_answers.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/33fad83b-ec19-4607-aaec-96323c4bafe6/75942210165.pdf (in PDF document text)
- http://nisetekotixob.myartsonline.com/literary_terms_crossword_puzzle_answer_key_9th_grade.pdf (in PDF document text)
- https://7605d98d-8b17-4a41-9383-f5c8d5af9bcc.filesusr.com/ugd/2bed4c_783e7f3ad88f4e56800f856ca2c2b3bf.pdf?index=true (in PDF document text)
- https://eadb47d6-6712-4ecd-aa5a-2cdcf2d90b86.filesusr.com/ugd/c844bf_0bd854b03f4748449142922dd3294e4c.pdf?index=true (in PDF document text)
- https://uploads.strikinglycdn.com/files/27f99653-6ed3-42a2-ad15-49a2c1eaf621/peluvewujirirexejimu.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/8ae6ecb1-f949-44be-9f17-208d10e64f73/75891440050.pdf (in PDF document text)
- https://1682489e-d94b-4f22-b6a6-c8ecb623ca2e.filesusr.com/ugd/5f226e_05de809070d34f018d7363b77f90443d.pdf?index=true (in PDF document text)
- https://uploads.strikinglycdn.com/files/f8d2edff-3ebc-4446-b488-b697e33953fd/xelega.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/beff6493-3cdb-4e70-85b5-1449a484e682/76819865196.pdf (in PDF document text)
- http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
- http://purl.org/dc/elements/1.1/ (in PDF document text)
- http://ns.adobe.com/pdf/1.3/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
- http://scripts.sil.org/OFL (in PDF document text)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00010046.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10046 | 5264 bytes | 9ddb18f0792c3490b96ecb5ae07d926548de7e91aa567a2f3037778751e55e24 |
| font_01_sfnt_off00011221.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11221 | 10776 bytes | fb30f22034281324b2c242fcd466723d994be8e870429ee11c6de7143de04159 |