MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://xajibur.ru/aws?utm_term=how+to+test+the+12+cranial+nerves+ppt (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000ef06.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEF06 | 1684 bytes | 51fdace8bd53b7d2e6af2c0ab3a57c298b99a0f760d42a36c32010743562cd6d |
| font_01_sfnt_off0000f76a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF76A | 5316 bytes | af289429401a82c759b8ae033e21467eda5842c1d4eb324c524e3350b315985f |
| font_02_sfnt_off0001099c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1099C | 10784 bytes | 34d4b2434b1321c4842d01bc42ebb8409f2389ff9ada0ee51a9fa7fb5735fe6b |