MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of external links, many of which are dynamically generated and point to potentially malicious domains. The heuristic 'PDF_SEO_LINK_FARM' indicates a mass external PDF link farm, suggesting a phishing or malware distribution scheme. The ClamAV detection and ML classifier further support its malicious nature, likely serving as a lure to phishing sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.6541
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0001040e.bin da034ca7ab21b4264533bee7ecfec6c015eeb5d4b43a1c1ba7c7f0a814e6d3c9 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1040E | 5412 bytes |
| font_01_sfnt_off00011667.bin 773b7582eb07e613f8c6d5049a1f98de158b6855e74e07a28ef8fb22d4c9dfa7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11667 | 6208 bytes |