MALICIOUS
182
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
T1059.007 JavaScript
This PDF file contains embedded links that redirect to known malicious infrastructure, as indicated by the PDF_MALICIOUS_REDIRECTOR_LINK heuristic. The ML classifier also flagged this PDF as malicious. The presence of numerous links on disposable hosting suggests a phishing or spam campaign aimed at driving traffic to malicious sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.8479
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARMSmall PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://yafferge.ru/award?keyword=building+winning+algorithmic+trading+systems+pdf
- https://cdn-cms.f-static.net/uploads/4449769/normal_5fe964bd9e1a3.pdf
- https://cdn-cms.f-static.net/uploads/4409796/normal_60152f4a5857e.pdf
- https://cdn-cms.f-static.net/uploads/4428341/normal_601d8417e50ac.pdf
- https://cdn-cms.f-static.net/uploads/4503050/normal_60362cd61340d.pdf
- https://timigotevawil.weebly.com/uploads/1/3/5/3/135329967/rusofelijilopexobibu.pdf
- https://sotokogel.weebly.com/uploads/1/3/4/2/134266154/nepimezelexa.pdf
- http://bonozowibewoz.mypressonline.com/bihar_board_10th_syllabus_2020_download.pdf
- https://static.s123-cdn-static.com/uploads/4366347/normal_5ff2a7972c977.pdf
- https://xapeposatu.weebly.com/uploads/1/3/1/4/131437079/webakimurifewim.pdf
- http://tetoxukipim.getenjoyment.net/medical_experience_certificate_format.pdf
- https://pusesame.weebly.com/uploads/1/3/4/6/134662227/dadinimaze.pdf
- https://cdn-cms.f-static.net/uploads/4490953/normal_60494565ad6ae.pdf
- https://pirikanupixiro.weebly.com/uploads/1/3/0/8/130873781/cb843.pdf
- http://xifamopituwoti.iblogger.org/vilazidemu.pdf
- http://folugomobok.getenjoyment.net/ethical_considerations_in_business_research.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://gemivaf.rf.gd/free_beetle_drive_templates_print.pdf
- http://disupenepoka.epizy.com/30240414081.pdf
- http://napamewa.atwebpages.com/bible_new_testament_books_list.pdf
- http://vewitemagim.rf.gd/assembly_language_programming_8051_examples.pdf
- http://jadukubilelib.myartsonline.com/cooperative_argumentation.pdf
- http://fajazimigig.atwebpages.com/why_wont_my_gas_fireplace_pilot_light.pdf
- http://zipemoluligera.myartsonline.com/gedolobe.pdf
- http://scripts.sil.org/OFL
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000fd40.bin01ccb93646ed78fb521320827b74f9bc3f7ea876dcbc469f34843830151ac924 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFD40 | 5812 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.