MALICIOUS
Risk Score: 122
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file contains embedded links that redirect to malicious infrastructure, as indicated by the PDF_MALICIOUS_REDIRECTOR_LINK heuristic. The document body, though heavily obfuscated, contains a URL that appears to be part of a lure. The ML classifier also flagged this PDF as malicious with high confidence. The presence of multiple links on disposable hosting further supports malicious intent to redirect users to potentially harmful content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9981
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000b48d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB48D | 5456 bytes |

SHA-256: 6737e34c8bb435afbcd844806ccad65ce32a8fa0bcd93e264ab8cc6c9f6cde5a