MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
The PDF file contains numerous external links, many pointing to compromised WordPress sites, suggesting a phishing or malware distribution attempt. ClamAV detection and ML classification confirm its malicious nature. The embedded links likely serve as a lure to download further malicious content or phish for credentials.
Machine Learning
- Nyx PDF Classifier malicious score 0.5018
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION)
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- PDF link farm points to compromised-WordPress upload storage (medium, PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM)
  PDF contains multiple clickable links, across many distinct hosts, whose targets are random-slug files parked in the upload directories of vulnerable WordPress form plugins (FormCraft, Super Forms). This is the hallmark of the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains hosted on compromised sites. The PDF itself carries no exploit — the risk is the linked destinations.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM)
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI)
  PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL)
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://synerhu.ru/uplcv?utm_term=how+to+earn+coins+in+pokemon+go (PDF link annotation)