MALICIOUS
124
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains numerous embedded URLs, many of which point to disposable hosting and are used in a link farm, a common tactic for phishing or malware distribution. The ML classifier and ClamAV detection strongly indicate malicious intent. The document body, though heavily obfuscated, contains text related to programming a remote control, likely serving as a lure to entice users to click the malicious links.
Machine Learning
- Nyx PDF Classifier malicious score 0.9417
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARMSmall PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://lozipotod.ru/strik?utm_term=how+to+program+dish+40.0+remote+to+joey
- https://cdn-cms.f-static.net/uploads/4388293/normal_5fd1305bd6ede.pdf
- https://static.s123-cdn-static.com/uploads/4416149/normal_5fdfc6853ccb2.pdf
- http://chambrely.xyz/loxesujisusudu36k00.pdf
- https://cdn-cms.f-static.net/uploads/4449788/normal_600f1f9ada1db.pdf
- https://bewulikafujisew.weebly.com/uploads/1/3/5/3/135326730/kutetaxaxamufe_gaxevosijonu.pdf
- http://fusubakitakudup.66ghz.com/95725460902.pdf
- https://static.s123-cdn-static.com/uploads/4488317/normal_5fff7ab5d8d67.pdf
- https://mebavowu.weebly.com/uploads/1/3/4/3/134353315/rajeroxogufofubok.pdf
- http://pubgmobiie.com/zunakewatamasufaguxagirnfznp.pdf
- https://pananufizusa.weebly.com/uploads/1/3/4/4/134445813/c9e94e.pdf
- https://teguvubab.weebly.com/uploads/1/3/4/3/134347924/5fd111a938608f.pdf
- http://tefulen.iblogger.org/fofejakekurisenuzazimi.pdf
- https://ritosigom.weebly.com/uploads/1/3/1/4/131453630/12779.pdf
- http://sorebifisawug.22web.org/depumuden.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://dovadef.epizy.com/les_miserables_musical_dvd.pdf
- http://metorudadoz.rf.gd/retazowipo.pdf
- http://fuvituze.epizy.com/37989532027.pdf
- http://nizixeto.epizy.com/wanazujibopez.pdf
- https://uploads.strikinglycdn.com/files/13de0167-8e73-4228-8293-47ba53704bea/83711073811.pdf
- http://pamemoroza.epizy.com/crossfire_ph_manual_patch_september_2019.pdf
- https://uploads.strikinglycdn.com/files/ed061c10-a474-40af-afe2-3b3c987b4219/jovezibujezokanex.pdf
- https://uploads.strikinglycdn.com/files/c91bfd0e-68a0-4b3c-9f34-6d3d4c95bed2/96004349715.pdf
- https://uploads.strikinglycdn.com/files/f1b6c21e-894b-4d33-b2c6-1497e406ed8d/jvc_kd-r330_manual_espaol.pdf
- http://scripts.sil.org/OFL
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000e56a.binab70e5925196264e6aa29eb6fe38669ce8f88f5750743502001b8f20a622c17f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE56A | 5836 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.