MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains a large number of embedded links, many of which point to a redirector infrastructure known to host malicious content. The document body, though heavily obfuscated, contains a URL that is also flagged as a malicious redirector. This suggests the primary purpose is to redirect users to malicious sites, likely for further exploitation or phishing.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://cctraff.ru/aws?keyword=letter+writing+format+in+english+pdf
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006ad1.bin feeda3e1fc47ca126eba12e8280bb5867e3d584077e8782eca1c43ff29325c13 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6AD1 | 5488 bytes |