MALICIOUS
126
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by ML classifiers and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URL pointing to 'allytemp.ru', which is likely part of a phishing or malware distribution scheme. The PDF's structure and embedded content suggest it's designed to trick users into visiting this external resource.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARMSmall PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://allytemp.ru/pbw?utm_term=wii+u+common+key+super+mario+3d+world PDF link annotation
- https://cdn-cms.f-static.net/uploads/4458628/normal_605b7b9049b8a.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4476782/normal_60361607603a9.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4470224/normal_60183eae3c9b2.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4425726/normal_5ff85a27c1efb.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4426410/normal_60377628c0a95.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- http://lajolada.pbworks.com/f/50081619729.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/987195df-e7b1-40de-a0b7-61c89cd838a1/ramozatolitikesowe.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/cd449ae6-620c-41a2-bf6f-a07d66b82427/how_to_fold_a_gazelle_glider.pdfIn PDF document text
- http://namikikis.pbworks.com/w/file/fetch/144493965/track_gun_licence_application_nsw.pdfIn PDF document text
- http://lakebimutep.pbworks.com/w/file/fetch/145190892/excel_sheet_all_formula.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/741835c8-871e-48bc-9c1c-81a0ada01839/dubowusokireberuj.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/823d9a36-5fbc-45ea-afe0-5aa73b484efd/78585135861.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/ccc2b7c0-d780-41a3-ac56-b946230f0fbc/28566636486.pdfIn PDF document text
- http://tuxowojopugo.pbworks.com/f/tamil_dubbed_horror_movies_free_download.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/d1115889-963c-4603-9b83-cf5333f95305/kurolakemelokufusejaz.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/98af9024-4b12-4fdf-a0d0-b39f083c7c90/when_can_you_wear_your_military_uniform_after_discharge.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/13041d17-9999-4bdf-811c-bc3c63e640e8/zamuxonigamunelesu.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/689a3fd9-f1ce-4447-9722-66922312f686/stihl_hsa_45_cordless_hedge_trimmer_reviews.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/c03293d1-0547-4040-ad51-1dbf3ada0505/big_fish_movie_free_download.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/7508fddf-2967-4e1f-abac-15dc2b77536c/cops_n_robbers_color_codes.pdfIn PDF document text
- http://risanafupek.pbworks.com/f/56001580765.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/4f8d9820-ea05-4b18-ae9a-4d99ad8cef14/19507650615.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/2905efb0-8437-4ccd-9a39-280c55071598/merovexesax.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/79a814bc-be10-4576-9cd4-18a679442da6/nironopomewukosowiwoseme.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/dc593ddc-5667-4c6c-b0a1-224cf965dedb/escape_the_prison_unblocked_games_77.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000e6ed.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE6ED | 5656 bytes |
SHA-256: 2fddaefda75751a98a848491652fe349f3fe402039fb4386d4cbf9a1f8498753 |
|||
font_01_sfnt_off0000fa36.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFA36 | 10828 bytes |
SHA-256: 8d3c0f9f9a6eb3fff634ce667d160f3443f81e22f1c99b0eabff056573261a60 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.