MALICIOUS
Risk Score: 184
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains a link farm with numerous external URLs, many pointing to disposable domains, suggesting a phishing or malware distribution attempt. The ML classifier and ClamAV detection strongly indicate maliciousness. Although no scripts were extracted, the PDF structure and embedded links are indicative of a malicious document designed to redirect users to potentially harmful content.
Machine Learning
- Nyx PDF Classifier malicious score 0.8535
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL https://jottigo.ru/strik?utm_term=alaska+driver%2527s+manual+flashcards (PDF link annotation)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000d759.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD759 | 5408 bytes |

SHA-256: 5280c0daf1aee099eb0c8ae9cff47ff964cf126f9a43b5b10b5e216b3893d1c7