MALICIOUS
Risk Score: 166
Machine Learning
- Nyx PDF Classifier malicious score 0.6269
Heuristics 6
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Image lure linking to an SEO redirector (free-download phishing) (high, PDF_SEO_UTM_REDIRECTOR_LINK)
  PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- PDF link farm points to compromised-WordPress upload storage (medium, PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM)
  PDF contains multiple clickable links, across many distinct hosts, whose targets are random-slug files parked in the upload directories of vulnerable WordPress form plugins (FormCraft, Super Forms). This is the hallmark of the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains hosted on compromised sites. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI)
  PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL)
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://tevav.co.za/XSRYdR1H?utm_term=god+is+not+great+pdf (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0005e592.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5E592 | 10664 bytes | 430e5013d5857867f9c5d2199fd650e376eb73c10771f078c81178e3938c64a3 |
| font_01_sfnt_off0005fded.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5FDED | 16560 bytes | 924ad5cb737cfd9a34472b2046831991df4d3950e5f0d7b552a18309318c2ee9 |
| font_02_sfnt_off00061508.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x61508 | 17888 bytes | 3869c73aa2b21d3c991aba1b59eec27bf5eae4d37455d81b2c8b4dc65a335e16 |