Verdict: MALICIOUS
Risk Score: 182
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains numerous embedded links, many of which point to known malicious redirectors or disposable hosting, suggesting a phishing or scam attempt. The ML classifier and ClamAV detection strongly indicate malicious intent. Although no scripts were explicitly extracted, the PDF structure and embedded URLs are indicative of a malicious document designed to redirect users to harmful sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9369
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.