MALICIOUS
124
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.7719
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARMSmall PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://jumiwimov.ru/award?keyword=coriolis+force+pdf PDF link annotation
- https://static.s123-cdn-static.com/uploads/4483851/normal_5fcd35332beaa.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4406216/normal_5ff586d86c4e2.pdfIn PDF document text
- https://cdn.sqhk.co/nijalemivowo/aibiiia/67409665106.pdfIn PDF document text
- http://nijubuwuw.iblogger.org/mamuza.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4526930/normal_5ff7808eeb171.pdfIn PDF document text
- http://topenir.iblogger.org/escuchar_la_biblia_reina_valera_1960_en_audio.pdfIn PDF document text
- https://cdn.sqhk.co/fasazani/eijcLSm/giruxolev.pdfIn PDF document text
- https://cdn.sqhk.co/jotapepikota/dBAidnU/anime_boy_maker_picrew.pdfIn PDF document text
- http://jaxorad.22web.org/brusali_bed_frame.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/85d2a609-47e2-4d96-beeb-9822396cfdc5/what_does_hashing_mean_in_by_the_waters_of_babylon.pdfIn PDF document text
- http://jobifizokugo.rf.gd/gijulotubaluzumimi.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/8dc1f474-c244-4ad8-8da6-734113b24bb5/hp_printer_2542_ink_cartridges.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/930502c0-63c5-4337-b42a-2bee7ad25185/fevufevixurifax.pdfIn PDF document text
- http://vafulipanuvada.rf.gd/the_chemistry_of_calm.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/1e9b2b2e-925a-40f9-a6f2-6e851720a45e/krups_type_964.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/8a77b4a0-2894-4808-9e20-7ee0d58d1af1/motivational_interviewing_stages_of_change_powerpoint.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/b3b3894d-cb59-4ea8-bc78-ca26559dd344/90523629926.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/ce8a3169-a413-4526-8647-d623f313866d/midland_x_talker_t20x4_manual.pdfIn PDF document text
- http://bubexixan.epizy.com/freezing_parkinson_s_information_sheet.pdfIn PDF document text
- http://fewixedagixa.rf.gd/active_and_passive_voice_complete_rules.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/7ec34b82-58bc-4eef-87d9-779f89e53580/how_to_write_on_ipad.pdfIn PDF document text
- http://biwomilorawud.rf.gd/bantu_education_pictures.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/09aa4de7-8c30-4c64-aabc-8f1295afaa9a/how_much_does_it_cost_to_get_a_masters_degree_in_mechanical_engineering.pdfIn PDF document text
Open this report in the interactive analyzer, or submit your own file for analysis.