MALICIOUS
Risk Score: 204
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF is identified as a phishing lure due to its image-only nature and embedded clickable link. The document contains numerous external links, many hosted on disposable domains, suggesting a link farm designed to distribute malicious content or redirect users to phishing sites. The ClamAV detection and ML classifier further support its malicious classification.
Machine Learning
- Nyx PDF Classifier malicious score 0.7559
Heuristics 6
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Image-only document with action trigger (screenshot lure) (medium, PDF_IMAGE_LURE): PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 40 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://fokemale.ru/award?keyword=neurobiology+of+psychiatric+disorders+pdf (PDF link annotation)