Verdict: MALICIOUS
Risk Score: 124
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1203 Exploitation for Client Execution
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.6503
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF is a non-clustered link farm on disposable hosting [medium] PDF_SEO_DISPOSABLE_LINK_FARM: Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
- External URI [info] PDF_URI: PDF contains an external URL action
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://drafthe.ru/pbw?utm_term=%25D0%25B7%25D0%25BE%25D0%25BB%25D0%25B8%25D0%25BD%25D0%25B0+%25D1%2581%25D0%25BE%25D0%25BB%25D1%258C%25D1%2584%25D0%25B5%25D0%25B4%25D0%25B6%25D0%25B8%25D0%25BE+7-8+%25D0%25BA%25D0%25BB%25D0%25B0%25D1%2581%25D1%2581+%25D1%2581%25D0%25BA%25D0%25B0%25D1%2587%25D0%25B0%25D1%2582%25D1%258C+%25D0%25B1%25D0%25B5%25D1%2581%25D0%25BF%25D0%25BB%25D0%25B0%25D1%2582%25D0%25BD%25D0%25BE (PDF link annotation)