MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged as malicious by ML classifiers and ClamAV, indicating a phishing or trojan threat. It contains a significant number of external links, suggesting a link farm or a method to distribute further malicious content. The document body, though heavily obfuscated, contains references to 'Lego instructions', likely a lure to entice users to open the document and interact with its embedded links.
Machine Learning
- Nyx PDF Classifier malicious score 0.8381
Heuristics (4)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (1)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f3be.bin (hash: 67cfaada24df1252e0cbc7dac1eff6967271822a680b3915aeebc33a5766e8df) | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF3BE | 5224 bytes |