MALICIOUS
Risk Score: 126
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9967
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://vilenefex.ru/123?utm_term=hard+mathematical+brain+teasers+with+answers (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00010a08.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10A08 | 5372 bytes | 9aa365fd308619bc278862ec451eff644280ad6288a843f8000a7a2528f18ef1 |
| font_01_sfnt_off00011c2a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11C2A | 11264 bytes | 09e577f56c62bd10366a79a1749a08954c3a7c9eb0267665b06610b9bcf6ecd0 |