MALICIOUS (Risk Score: 156)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a large number of external links, many of which are to benign PDF files, suggesting a link farm or SEO poisoning attempt. One prominent external URI, 'https://jottigo.ru/strik?utm_term=descriptive+essay+topics+asked+in+bank+exams', is likely the primary lure. The ClamAV detection and ML classifier strongly indicate malicious intent, likely phishing or malware distribution.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://jottigo.ru/strik?utm_term=descriptive+essay+topics+asked+in+bank+exams (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f72c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF72C | 5620 bytes | 9ef4f279bc74f200b5ba4e25e9930fa17bcb41de2fcc01b7c371b966168e932e |
| font_01_sfnt_off00010a4b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10A4B | 11160 bytes | 056959c8d9b46924a64dc5b7dbc71fc3adc989d67a19981359a1dc2e70701fcb |