MALICIOUS
124
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains numerous embedded URLs pointing to disposable domains and link farms, suggesting a phishing or malware distribution scheme. The presence of 'utm_term' parameters in some URLs further supports a campaign-driven lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.6727
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARMSmall PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://jumiwimov.ru/aws?utm_term=g+shock+5146+ga110rg
- http://arenaprobet.com/reped39oia.pdf
- http://organicnu.info/xenujb73h2.pdf
- https://cdn.sqhk.co/tubafejog/fje2gf7/craigslist_los_angeles_california_motorcycles.pdf
- http://lianhua.life/batman_villain_joker_theme_musicus3m1.pdf
- http://rineset.xyz/dabanivobemezix7ivc0.pdf
- https://cdn.sqhk.co/mozigizax/ejbJOaJ/linirizepidido.pdf
- http://twenty-promo2020.ru/how_to_use_aqua_tech_5-15itk3p.pdf
- https://cdn.sqhk.co/xaderipamuva/gj5wzPU/31215497035.pdf
- https://cdn.sqhk.co/zefadanexa/UONDgjG/steps_involved_in_risk_management_process.pdf
- http://wubowobipevoto.mywebcommunity.org/61407033390.pdf
- https://cdn.sqhk.co/pilozarager/gfij2Kl/jisugorul.pdf
- http://tuwimig.scienceontheweb.net/dovumexazixilunu.pdf
- http://chestlune.online/fexelitusabanejajcy8hj.pdf
- http://nuvagefo.medianewsonline.com/barrier_free_design.pdf
- https://cdn.sqhk.co/zeterabaxax/Ajajfja/juvoraw.pdf
- http://daddytestit.xyz/what_is_the_most_important_part_of_writing_a_professional_emailhkm06.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://roxujewov.myartsonline.com/read_the_apocrypha.pdf
- https://s3.amazonaws.com/vonutavekip/parigitisozofabuwel.pdf
- https://s3.amazonaws.com/saziwijaxodav/honda_eu1000i_generator_review.pdf
- https://s3.amazonaws.com/julaxel/excel_spreadsheet_template_for_coin_inventory.pdf
- https://s3.amazonaws.com/pidufozu/hdfc_ergo_general_insurance_motor_claim_form.pdf
- https://s3.amazonaws.com/dutuzanob/agerigna_keyboard_apk.pdf
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000da19.bin37de5730e1686c7f25ccf4735106c308f4e2a7a65aaa27c92e750ff062245a9d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDA19 | 21080 bytes |
font_01_sfnt_off0001180e.binfa2b3baca3b617db06ae950db19b3bb3e779cab670e7bfcd7288af479e4a6648 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1180E | 5684 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.