MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF file is identified as malicious by ML classifiers and ClamAV, and exhibits characteristics of a link farm. It contains numerous links pointing to external PDF files hosted on compromised websites, suggesting a phishing or malware distribution scheme. The document body, though heavily obfuscated, indicates a lure related to 'CCNA exam model paper PDF'. No scripts were extracted, but the presence of external links and the nature of the heuristics strongly suggest a malicious intent to redirect users to potentially harmful content.
Machine Learning
- Nyx PDF Classifier malicious score 0.6781
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
PDF link farm points to compromised-WordPress upload storage medium PDF_COMPROMISED_CMS_UPLOAD_LINK_FARMPDF contains multiple clickable links, across many distinct hosts, whose targets are random-slug files parked in the upload directories of vulnerable WordPress form plugins (FormCraft, Super Forms). This is the hallmark of the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains hosted on compromised sites. The PDF itself carries no exploit — the risk is the linked destinations.
-
Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARMSmall PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://eduinfinite.com/wp-content/plugins/super-forms/uploads/php/files/ad7fae6e5cf0434c2266a5edf3ef8520/27825590226.pdf
- https://maxim-catering.de/wp-content/plugins/super-forms/uploads/php/files/pmb867ulelilnhob7fu2s22eiq/92082057025.pdf
- http://orgue-chantepie.info/FCKeditor/upload/file/zivepebimudetaposaf.pdf
- http://www.deopendeur.org/imgUser/file/20185513260.pdf
- https://kindliving.org/wp-content/plugins/super-forms/uploads/php/files/tmp/nupew.pdf
- https://www.nobleorthodontic.com/wp-content/plugins/super-forms/uploads/php/files/b006aea30232567decebb92c10d0d8c7/13446396713.pdf
- https://alternativecarrepair.com/userfiles/file/fezuwezazerofu.pdf
- http://www.tif.cn/wp-content/plugins/super-forms/uploads/php/files/cnf41k33nd775tls790c52l0jh/54636883121.pdf
- http://www.gainerwindows.ca/wp-content/plugins/super-forms/uploads/php/files/r2lih57gnsd90keinnb628bib2/jokipujirizusexaj.pdf
- http://www.auditsi.com/wp-content/plugins/formcraft/file-upload/server/content/files/1609f1bc7a7661---legolezebi.pdf
- http://pferdefreunde-brueckenhof.de/sites/default/files/userfiles/file/ferokasedoxuwotolek.pdf
- https://ifacemount.com/wp-content/plugins/super-forms/uploads/php/files/01po1ludo1tbr9svodfmr96r4f/nediwawoxixajipekafajosab.pdf
- https://admonks.ru/wp-content/plugins/super-forms/uploads/php/files/12717d6a2d52f02af046d4965e6c7161/nomogifigika.pdf
- https://feedproxy.google.com/~r/1eyvgo/aqOO/~3/S30rS-6n6vg/uplcv?utm_term=ccna+exam+model+paper+pdf
Open this report in the interactive analyzer, or submit your own file for analysis.