Verdict: MALICIOUS
Risk Score: 214
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is identified as malicious by multiple heuristics, including a critical finding for a malicious redirector link and a PDF SEO link farm. The primary malicious URL, 'https://dafemum.ru/wix?keyword=cengel+heat+transfer+solution+manual+5th+edition+pdf', is embedded within the document, suggesting an attempt to direct users to a potentially harmful site. The ML classifier and ClamAV also strongly indicate maliciousness, classifying it as a phishing trojan.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Primary URL: https://dafemum.ru/wix?keyword=cengel+heat+transfer+solution+manual+5th+edition+pdf (in PDF document text)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000e269.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE269 | 5484 bytes | 9a9b1432f13ff2f419b8c0db99c8095cea9f288431f81826ae2347f81cee26b3 |
| font_01_sfnt_off0000f4e8.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF4E8 | 11192 bytes | cfec431022e8c7929cf0e02e0bf92564b0548f3a901e1b3f17e1c73a5bcfd292 |