MALICIOUS
Risk Score: 124
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1203 Exploitation for Client Execution
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.7003
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (severity: critical, rule: CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF is a non-clustered link farm on disposable hosting (severity: medium, rule: PDF_SEO_DISPOSABLE_LINK_FARM). Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
- External URI (severity: info, rule: PDF_URI). PDF contains an external URL action.
- Embedded URL (severity: info, rule: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://nipisod.ru/award?keyword=android+pdf+reader+with+text+reflow (PDF link annotation)
Extracted artifacts (1)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000fa15.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFA15 | 4888 bytes |

SHA-256: e8333b51e7a8bc2a9d9ce820a2cb18fabaf015c8e9dda884ad42f2a60820d203