MALICIOUS
Risk Score: 144
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF is identified as malicious by ML classifiers and ClamAV, and exhibits characteristics of a phishing lure. It contains an embedded URL that redirects to a suspicious domain, likely intended to deliver a second-stage payload or phish for credentials. The document body is heavily obfuscated, but the presence of external URIs and the overall structure suggest malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.7978
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Image-only document with action trigger (screenshot lure) (medium, PDF_IMAGE_LURE): PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 49 KB, the typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL https://gimoguvi.ru/strik?utm_term=jump+force+character+pass+2+yoruichi