MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a link farm and a direct link to a known malicious redirector, indicating an attempt to lead users to malicious infrastructure. The document body, though heavily obfuscated, contains text related to septic systems and the malicious URL, suggesting a lure. The presence of numerous external PDF links, many pointing to Shopify, suggests a tactic to obscure the true malicious intent and potentially leverage benign-looking domains for SEO poisoning or link farming.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (4)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://ggtraff.ru/123?keyword=nh+septic+system+design+manual (in PDF document text)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000080ee.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x80EE | 5464 bytes | 6a1ae7570fc285126c453f459fa703e673916f80a6f1a18a6b3e3df543945ede |
| font_01_sfnt_off00009371.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9371 | 10240 bytes | 66210455d67a4bb30ecc45572f52c16c3013f0435f85c28898f31d7084b1f4be |