Verdict: MALICIOUS
Risk Score: 174
Machine Learning: Nyx PDF Classifier malicious score 0.6388
Heuristics (7), listed as name [severity, rule ID]: description
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Image lure linking to an SEO redirector (free-download phishing) [high, PDF_SEO_UTM_REDIRECTOR_LINK]: PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector, the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- PDF link farm points to compromised-WordPress upload storage [medium, PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM]: PDF contains multiple clickable links, across many distinct hosts, whose targets are random-slug files parked in the upload directories of vulnerable WordPress form plugins (FormCraft, Super Forms). This is the hallmark of the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains hosted on compromised sites. The PDF itself carries no exploit; the risk is the linked destinations.
- Fake invoice / payment lure [low, SE_INVOICE_LURE]: Document contains invoice or payment language paired with an action verb; useful context when combined with link, macro, or attachment indicators.
- External URI [info, PDF_URI]: PDF contains an external URL action.
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs (the channel that reached each URL is given in parentheses):
- https://loheb.co.za/XSRYdR1H?utm_term=balance+sheet+accounts+examples (PDF link annotation)
- https://monarchwinemerchants.com/wp-content/plugins/super-forms/uploads/php/files/4bcd340e0d3d3b6e586134d8889ebe8a/soraruxuwelapibip.pdf (in PDF document text)
- http://suaups.net/userfiles/file/69174451705.pdf (in PDF document text)
- https://unixsensor.com/uploads/files/202111201659557532.pdf (in PDF document text)
- http://barcodeegypt.com/public/kcfinder/upload/files/monekisixuz.pdf (in PDF document text)
- http://globalfeedindustry.com/upload/files/25738065384.pdf (in PDF document text)
- http://tlumacz-bialystok.pl/pliki/file/xozipewewabo.pdf (in PDF document text)
- http://vsezip.ru/public/kcfinder/upload/files/kelubibunugedo.pdf (in PDF document text)
- http://kebirbeton.com/userfiles/file/75948968504.pdf (in PDF document text)
- http://softtox.pl/new/userfiles/file/94181920322.pdf (in PDF document text)
- http://industrialdevices.in/uploads/53873296866.pdf (in PDF document text)
- http://sjhrz.com/images/upload/File/latono.pdf (in PDF document text)
- http://xn--80aaaaaikdebj9ccf1ayja1b5a3q.xn--p1ai/ckfinder/userfiles/files/nomazubovezazero.pdf (in PDF document text)
- http://for-man-woman.ru/userfiles/files/wegenavavosisubusavene.pdf (in PDF document text)
- http://chunmianxian.com/upfolder/e/files/20211201130001.pdf (in PDF document text)
- http://mmkotomasyon.net/userfiles/file/libusok.pdf (in PDF document text)
- https://placc.info/up_image/zokuvubopekilesenago.pdf (in PDF document text)
- http://zuche0551.com/upload/file/38502591522.pdf (in PDF document text)
- http://cyklo-sport-servis.cz/UserFiles/File/wirowajan.pdf (in PDF document text)
- https://ohligschlaeger-berger.de/wp-content/plugins/formcraft/file-upload/server/content/files/161db498297da6---bizubefamis.pdf (in PDF document text)
- https://gp-lighting.com/editor_upload/file/nigetonakibijiluxokado.pdf (in PDF document text)
- http://www.absolutecateringla.com/wp-content/plugins/formcraft/file-upload/server/content/files/1618e2032239dc---foziren.pdf (in PDF document text)
- http://mastrodibaglio.it/userfiles/files/59968591852.pdf (in PDF document text)
- https://www.miotsukushi.or.jp/system/ckfinder/userfiles/files/mopugusuf.pdf (in PDF document text)
- http://webcertain.ca/contentupload/fckeditorUploads/organization_/file/79898352085.pdf (in PDF document text)
- https://www.bountyvacation.com/wp-content/plugins/formcraft/file-upload/server/content/files/161ec92e792ec7---87775559596.pdf (in PDF document text)
- https://kawanmto.com/contents/files/46365461374.pdf (in PDF document text)
- http://bresky.cz/res/file/zuzomapebevotabupepajimil.pdf (in PDF document text)
- http://dip.natura2000.pl/imgturysta/files/bigiwebovobanugo.pdf (in PDF document text)
- http://allgeology.ru/ckfinder/userfiles/files/zimipibenovususuza.pdf (in PDF document text)
- https://www.bouldersudbury.org/wp-content/plugins/formcraft/file-upload/server/content/files/1618de7fb8daad---wedosomifib.pdf (in PDF document text)
- http://krattenreiniging.nl/media-upload/files/majagogatapowomukagosevo.pdf (in PDF document text)
- https://robustbrakes.com/administrator/imagetemp/file/32267782602.pdf (in PDF document text)
- https://robertmatzuzi-massagetherapist.co.uk/wp-content/plugins/formcraft/file-upload/server/content/files/16138701d3c1c8---zovozodanagabij.pdf (in PDF document text)
- https://partetesal.ir/data/file/xetezivifelimuvetiku.pdf (in PDF document text)
- http://asthmabd.net/journal/assets/ckeditor/kcfinder/upload/files/vusitokaj.pdf (in PDF document text)
- http://brenno-tojestto.pl/userfiles/file/fomefexemerosekusimumujip.pdf (in PDF document text)
- http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
- http://purl.org/dc/elements/1.1/ (in PDF document text)
- http://ns.adobe.com/pdf/1.3/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
- http://dejavu.sourceforge.net (in extracted file font_00_sfnt_off0004f308.bin)
- http://dejavu.sourceforge.net/wiki/index.php/License (in extracted file font_00_sfnt_off0004f308.bin)

The last eight entries (the w3.org, purl.org and ns.adobe.com URIs, and the two dejavu.sourceforge.net URLs) are XMP metadata namespace identifiers and the embedded font's licence strings, not lure destinations; they are listed because the extractor reports every URL-shaped string it finds. The only URL reached through a clickable link annotation is the loheb.co.za utm_term redirector; the remaining upload-directory links sit in the document text.
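The two structural heuristics above (PDF_SEO_UTM_REDIRECTOR_LINK and PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM) can be reproduced from the extracted URL list alone. The following Python is an added illustration written for this page, not the analyzer's own rule code. It runs over a subset of the URLs reported above, tagged with the channel the report attributes to each; the directory markers beyond the two named WordPress plugins, the random-slug shapes, the FeedBurner proxy hostnames and the firing thresholds are all assumptions chosen to fit this family.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample: a subset of the URLs listed in this report, each tagged with
# the channel the report gives for it ("annotation" = PDF link annotation,
# "text" = in PDF document text, "font" = found in an extracted font file).
SAMPLE_URLS = [
    ("https://loheb.co.za/XSRYdR1H?utm_term=balance+sheet+accounts+examples", "annotation"),
    ("https://monarchwinemerchants.com/wp-content/plugins/super-forms/uploads/php/files/4bcd340e0d3d3b6e586134d8889ebe8a/soraruxuwelapibip.pdf", "text"),
    ("http://suaups.net/userfiles/file/69174451705.pdf", "text"),
    ("http://barcodeegypt.com/public/kcfinder/upload/files/monekisixuz.pdf", "text"),
    ("http://sjhrz.com/images/upload/File/latono.pdf", "text"),
    ("https://ohligschlaeger-berger.de/wp-content/plugins/formcraft/file-upload/server/content/files/161db498297da6---bizubefamis.pdf", "text"),
    ("http://www.absolutecateringla.com/wp-content/plugins/formcraft/file-upload/server/content/files/1618e2032239dc---foziren.pdf", "text"),
    ("https://kawanmto.com/contents/files/46365461374.pdf", "text"),
    ("http://www.w3.org/1999/02/22-rdf-syntax-ns#", "text"),
    ("http://dejavu.sourceforge.net/wiki/index.php/License", "font"),
]

# The two WordPress form plugins the report names, plus generic CMS file-manager
# upload directories (the generic list is an assumption).
WP_FORM_PLUGIN_RE = re.compile(r"/wp-content/plugins/(super-forms|formcraft)/", re.I)
CMS_UPLOAD_DIR_RE = re.compile(r"kcfinder|ckfinder|fckeditor|userfiles|upload", re.I)
# Random-slug file names seen in this family: lowercase gibberish, a long digit
# string, or the FormCraft "<hex>---<slug>" shape (assumption).
RANDOM_SLUG_RE = re.compile(r"^(?:[a-z]{6,}|\d{8,}|[0-9a-f]{8,}---[a-z0-9]+)\.pdf$")
# FeedBurner proxy hosts used to front SEO redirectors (assumption).
FEED_PROXY_HOSTS = {"feedproxy.google.com", "feeds.feedburner.com"}


def is_seo_redirector(url: str) -> bool:
    """True for a feed-proxy host or a utm_term holding a multi-word search query."""
    p = urlparse(url)
    if p.hostname in FEED_PROXY_HOSTS:
        return True
    terms = parse_qs(p.query).get("utm_term", [])
    return any(len(t.split()) >= 3 for t in terms)  # parse_qs turns '+' into spaces


def is_cms_upload_slug(url: str) -> bool:
    """True for a random-slug PDF parked in a CMS upload directory."""
    p = urlparse(url)
    fname = p.path.rsplit("/", 1)[-1]
    in_upload_dir = WP_FORM_PLUGIN_RE.search(p.path) or CMS_UPLOAD_DIR_RE.search(p.path)
    return bool(in_upload_dir and RANDOM_SLUG_RE.match(fname))


def classify(urls, min_links=3, min_hosts=3):
    """Return (rules fired, per-rule URL hits, distinct link-farm hosts).

    The SEO-redirector rule needs a clickable link (annotation channel); the
    link-farm rule counts any channel but needs several links on several hosts.
    Thresholds are assumptions, not the analyzer's values."""
    hits = {"PDF_SEO_UTM_REDIRECTOR_LINK": [], "PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM": []}
    for url, channel in urls:
        if channel == "annotation" and is_seo_redirector(url):
            hits["PDF_SEO_UTM_REDIRECTOR_LINK"].append(url)
        if is_cms_upload_slug(url):
            hits["PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM"].append(url)
    farm = hits["PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM"]
    hosts = {urlparse(u).hostname for u in farm}
    fired = []
    if hits["PDF_SEO_UTM_REDIRECTOR_LINK"]:
        fired.append("PDF_SEO_UTM_REDIRECTOR_LINK")
    if len(farm) >= min_links and len(hosts) >= min_hosts:
        fired.append("PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM")
    return fired, hits, hosts


if __name__ == "__main__":
    fired, hits, hosts = classify(SAMPLE_URLS)
    print("fired:", fired)
    print("link-farm links:", len(hits["PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM"]), "hosts:", len(hosts))
```

Pulling the URL list out of the PDF (link annotations, text runs, font streams) is left to the extractor; this only scores what it returned. Note that the XMP namespace URIs and the font-licence URL fall through both checks untouched, which is the behaviour you want from a structural rule.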
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0004f308.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4F308 | 16340 bytes | f87505e67a9f8142e455644417d7359bb2351366fa38981509f9862fed1956ad |
| font_01_sfnt_off00051d20.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x51D20 | 10704 bytes | be857d82db758d17594299048758c559617848de9c2dd4aae87065428340b7b1 |
| font_02_sfnt_off00053599.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x53599 | 16416 bytes | cfa2c3fbce80cc5607e01af033b793d17c57c214fb1d96e845eedea48cccd336 |
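The PDF_DUPLICATE_OBJ_BODY_INCREMENTAL finding above rests on one observation: when the same `N G obj` appears twice in the file, a first-wins reader and a last-wins reader resolve different bytes. The Python below is an added example written for this page, not the analyzer's implementation. It scans a PDF's raw bytes for object definitions, reports objects redefined with different bodies, and escalates only when a later definition carries active content, mirroring the severity rule the report describes. The two-document sample is constructed: a tiny base PDF, a benign incremental update that only rewrites the Info dictionary, and an update that redefines the link annotation. The active-content key list and the "high" level are assumptions.

```python
import hashlib
import re

# Plain-text object scan. Objects packed into compressed object streams are not
# seen, and a stream whose data contains 'endobj' would truncate a body.
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)

# Keys that make a redefined object "active" (assumption: approximates what the
# report means by active content; /URI is included because in this lure family
# the link target is the payload).
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/AA",
               b"/SubmitForm", b"/URI", b"/GoToR", b"/EmbeddedFile")

# Constructed sample documents (not the analysed file).
BASE = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 612 792] /A << /S /URI /URI (https://example.invalid/original) >> >> endobj
5 0 obj << /Title (Balance sheet examples) >> endobj
trailer << /Root 1 0 R /Info 5 0 R >>
%%EOF
"""
BENIGN_UPDATE = b"""5 0 obj << /Title (Balance sheet examples, revised) >> endobj
trailer << /Root 1 0 R /Info 5 0 R /Prev 0 >>
%%EOF
"""
ACTIVE_UPDATE = b"""4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 612 792] /A << /S /URI /URI (https://example.invalid/redirector?utm_term=balance+sheet+accounts+examples) >> >> endobj
trailer << /Root 1 0 R /Info 5 0 R /Prev 0 >>
%%EOF
"""


def parse_objects(pdf: bytes) -> dict:
    """Map (num, gen) -> list of body bytes, in file order."""
    objs = {}
    for m in OBJ_RE.finditer(pdf):
        key = (int(m.group(1)), int(m.group(2)))
        objs.setdefault(key, []).append(m.group(3).strip())
    return objs


def duplicate_objects(pdf: bytes) -> list:
    """Objects defined more than once with differing bodies.

    'active' is True when any definition after the first carries an active key,
    which is the case the report says raises severity."""
    dups = []
    for key, bodies in parse_objects(pdf).items():
        digests = {hashlib.sha256(b).hexdigest() for b in bodies}
        if len(bodies) > 1 and len(digests) > 1:
            dups.append({
                "obj": key,
                "definitions": len(bodies),
                "active": any(k in b for b in bodies[1:] for k in ACTIVE_KEYS),
                "first_wins": bodies[0],
                "last_wins": bodies[-1],
            })
    return dups


def severity(dups: list) -> str:
    """'none' without conflicting duplicates, 'info' for body-only changes,
    'high' when a duplicate carries active content (level is an assumption)."""
    if not dups:
        return "none"
    return "high" if any(d["active"] for d in dups) else "info"


def resolve(pdf: bytes, num: int, gen: int = 0, policy: str = "last") -> bytes:
    """The body a first-wins or last-wins reader would use for object num gen."""
    bodies = parse_objects(pdf).get((num, gen), [])
    if not bodies:
        raise KeyError((num, gen))
    return bodies[0] if policy == "first" else bodies[-1]


if __name__ == "__main__":
    for label, doc in (("base", BASE), ("benign update", BASE + BENIGN_UPDATE),
                       ("active update", BASE + ACTIVE_UPDATE)):
        dups = duplicate_objects(doc)
        print(f"{label}: {len(dups)} conflicting duplicate(s), severity={severity(dups)}")
    print("first-wins 4 0:", resolve(BASE + ACTIVE_UPDATE, 4, policy="first"))
    print("last-wins  4 0:", resolve(BASE + ACTIVE_UPDATE, 4, policy="last"))
```

The benign update yields a body-only difference on the Info dictionary and stays at info, which is the common incremental-save case; the second update changes where the page's only link goes depending on which definition the reader honours, so it is escalated. Against a real sample, run the scan on the raw bytes rather than on a parsed object tree, since a parser has already picked one of the two definitions for you.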