MALICIOUS
Risk Score: 174
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF document is identified as malicious by multiple heuristics and ClamAV, indicating it's a phishing or malware distribution attempt. The 'Image-only document with action trigger' heuristic suggests it uses a screenshot as a lure, containing clickable external URIs. The primary suspicious URL is https://xajibur.ru/award?keyword=biology+grade+10+12+textbook+pdf+download, which is likely used to redirect the user to a malicious site or download a payload.
Machine Learning
- Nyx PDF Classifier malicious score 0.7249
Heuristics 5
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Image-only document with action trigger (screenshot lure) [medium, PDF_IMAGE_LURE]: PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 68 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
- External URI [info, PDF_URI]: PDF contains an external URL action
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://xajibur.ru/award?keyword=biology+grade+10+12+textbook+pdf+download