MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains a heuristic firing for PDF_SEO_LINK_FARM, indicating a large number of external links. The ML classifier and ClamAV also flagged this file as malicious. The embedded URLs, such as 'https://nipisod.ru/wix?keyword=moving+straight+ahead+ace+1+answers', likely lead to phishing or malicious content, aligning with a spearphishing attachment attack pattern.
Machine Learning
- Nyx PDF Classifier malicious score 0.9551
Heuristics 5
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- PDF differential parser failed (info, PDF_DIFFERENTIAL_PARSE_FAILED): The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000ee0f.bin bd87ec4211671f0d9bc961d7cd4f06828774f653d94856bfa86b7796342f414a | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEE0F | 5380 bytes |
| font_01_sfnt_off0001007f.bin 6ff389140a2ca173732aeab4e13f22db4f1c98f592366e50a215e5e7358a2894 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1007F | 10744 bytes |