Verdict: MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9716
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI [info, PDF_URI]: PDF contains an external URL action
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://midufefew.ru/award?keyword=pearson+anatomy+and+physiology+book+pdf (PDF link annotation)
Extracted artifacts (1)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00017f4d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x17F4D | 5760 bytes |

SHA-256: 22ad4787846f4192145f9de3c2fce3b02f1a49a0dce7a0de2cff39ac3ea9ef35