MALICIOUS
132
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. The presence of embedded JavaScript and numerous external links, including one pointing to a compromised WordPress upload directory, suggests the PDF is designed to exploit vulnerabilities or deliver phishing content. The embedded JavaScript is likely responsible for initiating the malicious activity, such as downloading a secondary payload or redirecting the user to a malicious site.
Machine Learning
- Nyx PDF Classifier malicious score 0.8932
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
PDF link farm points to compromised-WordPress upload storage medium PDF_COMPROMISED_CMS_UPLOAD_LINK_FARMPDF contains multiple clickable links, across many distinct hosts, whose targets are random-slug files parked in the upload directories of vulnerable WordPress form plugins (FormCraft, Super Forms). This is the hallmark of the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains hosted on compromised sites. The PDF itself carries no exploit — the risk is the linked destinations.
-
Embedded JS stream low PDF_JSPDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://archism.ru/uplcv?utm_term=how+to+tame+a+baby+blue+tongue+skink
- http://hud101.vn/webroot/img/posts/files/70167433420.pdf
- https://sfasg.jp/js/ckfinder/userfiles/files/29483917718.pdf
- http://aliancegroup.su/wp-content/plugins/formcraft/file-upload/server/content/files/160a49700538d3---74427452731.pdf
- http://www.1000ena.com/wp-content/plugins/formcraft/file-upload/server/content/files/160f1e1ad054f2---vusibeg.pdf
- https://www.mixedclass.com.au/wp-content/plugins/super-forms/uploads/php/files/m43q8ccttlllmbmlite5q1kop5/35440947197.pdf
- http://sacoorhealth.pt/site/upload/file/pokuvonuwed.pdf
- https://unicorn.mn/js/ckfinder/userfiles/files/84482852294.pdf
- http://goldmustang.ru/files/files/7009648212.pdf
- http://ubest.ru/images/file/92861280887.pdf
- http://chono.mn/uploads/userfiles/files/27085852989.pdf
- https://popa.com.br/wp-content/plugins/super-forms/uploads/php/files/73375b347a06adb2082c7de57d7afeeb/juporaxadoribuzefu.pdf
- http://vudafrique.com/wp-content/plugins/super-forms/uploads/php/files/93292ec0cce050f82f6128ea87144952/52952781879.pdf
- http://www.theflightfest.com/wp-content/plugins/formcraft/file-upload/server/content/files/160d4da14e1223---17416881242.pdf
- http://camonetinternational.com/files/file/rulagavewuvuwulevebazalar.pdf
- http://zeci.nl/im/image/42327482235.pdf
- http://frederickfollows.co.uk/wp-content/plugins/formcraft/file-upload/server/content/files/1608adf88b897c---18605708814.pdf
- https://atlanthealth.com/wp-content/plugins/super-forms/uploads/php/files/d095070d0d8d62509a90998a37e4d364/seguxol.pdf
- http://maduraicaterers.com/app/webroot/js/ckfinder/userfiles/files/21571161809.pdf
- https://poolpoint.be/uploads/file/75388858205.pdf
- http://ttccid.com/userfiles/file/42315733400.pdf
- https://webtraffic.ch/wp-content/plugins/super-forms/uploads/php/files/vqljk4iotqbf3o6eke9c4oejpe/fuzexamaj.pdf
- https://triosms.com/userfiles/file/didibikisuxe.pdf
Open this report in the interactive analyzer, or submit your own file for analysis.