MALICIOUS
156
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains embedded URLs and metadata suggesting it is part of an SEO spam or phishing campaign. The heuristic PDF_SEO_LINK_FARM indicates a large number of external links, and the primary URL points to a domain that appears to be involved in distributing malicious content. ClamAV detection further confirms the malicious nature of the file, identifying it as Pdf.Phishing.Trojan.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://seumenha.ru/award?keyword=cancioneros+cristianos+para+guitarra+pdf PDF link annotation
- https://cdn.sqhk.co/zoribakim/gcvFEIX/reaper_miniatures_uk_store.pdfIn PDF document text
- https://cdn.sqhk.co/feguzuvubut/ahE8Mii/58742258072.pdfIn PDF document text
- https://cdn.sqhk.co/vokipidelad/ggjd2ii/lake_superior_ice_fishing_report.pdfIn PDF document text
- https://cdn.sqhk.co/zuxafopagad/cWxJ3gh/call_of_duty_mobile_gameplay_video.pdfIn PDF document text
- http://wisatemubudu.medianewsonline.com/donate_used_toys_uk_2020.pdfIn PDF document text
- https://cdn.sqhk.co/pumibavi/6NIe1wm/86492906345.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/a30f1f11-50ce-4e72-a370-75dd594661a8/how_much_does_a_district_attorney_in_la_make.pdfIn PDF document text
- https://e1c07d4e-6587-4767-b76f-5dea9cf3e327.filesusr.com/ugd/51a829_a21f4a44bc5943bda7d038ffc9359de4.pdf?index=trueIn PDF document text
- https://s3.amazonaws.com/jedobufudajewu/cadbury_sixth_form_college_term_dates.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/3f3cb931-4dff-4573-bdfc-c380e5af3d79/autocad_printing_3d_hidden.pdfIn PDF document text
- https://5c839259-519f-4cee-a1a2-6639d654070b.filesusr.com/ugd/140efa_ab732f9ca0044c1a8a8304c2f60fa73a.pdf?index=trueIn PDF document text
- https://1fd079ea-3156-4ae8-a0b4-6153e0b529c5.filesusr.com/ugd/e66bf7_57e37be07fdd498682ca28394cc431d7.pdf?index=trueIn PDF document text
- https://s3.amazonaws.com/tosevud/67788778025.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/7d1adfd6-8f2b-4e24-8dbc-74c685d96d5f/56489075913.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/3eb235ed-d066-49ec-9bcd-1f336e291fcb/43988842819.pdfIn PDF document text
- https://db6d201d-bdff-4648-9982-d9cfaac7639e.filesusr.com/ugd/98857b_db97b470391946ffb0632d095f5719b3.pdf?index=trueIn PDF document text
- https://s3.amazonaws.com/gixirojozogufux/reportagem_sobre_o_desmatamento_na_amazonia.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/2bf7778b-eee6-48c9-84da-6961ff908f8a/html5_table_text_size.pdfIn PDF document text
- https://s3.amazonaws.com/jarawaxanivu/8th_grade_algebra_problems_worksheet.pdfIn PDF document text
- https://s3.amazonaws.com/dozore/side_nav_bar_android_studio.pdfIn PDF document text
- https://s3.amazonaws.com/tozaduliwubega/man_sings_golden_girl_theme_song_tiktok.pdfIn PDF document text
- https://7be8961d-effb-4c78-a255-78c3c9f0be09.filesusr.com/ugd/3dd68e_11a67e0694ea4a7d9dfa1542c03db75f.pdf?index=trueIn PDF document text
- http://bepolujogox.atwebpages.com/merovevipolaro.pdfIn PDF document text
- https://s3.amazonaws.com/bibejovixapis/18146607087.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00010e8b.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10E8B | 5196 bytes |
SHA-256: 4bbd387432ccd560556d2ea897d7ac8dc7e9975d6980d8fdf8842ad283e7cc52 |
|||
font_01_sfnt_off0001203f.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1203F | 11460 bytes |
SHA-256: de110b72f8446c5d8ec50485a1fe604cb8a3b9ca578c94f38f194827d2e44d59 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.