MALICIOUS
Risk Score: 126
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1204.002 Malicious Link
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000dc4f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDC4F | 5356 bytes | ab209c6186d687e92e112a7326f7d3fb1b2319951eb59f5b37459759cf7d2ac9 |
| font_01_sfnt_off0000ee7e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEE7E | 10176 bytes | ddc6a2ef177373da8c3a0e72389a4ffcb1053a4b38f3c91d1673c81a73c2a231 |