MALICIOUS
Risk Score: 124
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF was flagged by ClamAV as Pdf.Phishing.Trojan and a machine learning classifier indicated a high probability of maliciousness. It contains numerous embedded URLs, with one specifically pointing to a link farm on disposable hosting, suggesting a phishing or redirection attempt. The presence of embedded JavaScript, though not fully analyzed, further supports malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.9468
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000d465.bin 9ea6866e98166aaca8185f80184db4a0f241a7e786a2d5aea4d1e48899192f93 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD465 | 5376 bytes |