MALICIOUS
Risk Score: 162
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains embedded links, with one identified as a malicious redirector. The document body, though heavily obfuscated, contains text related to 'receipt template' and includes the malicious URL, suggesting a phishing or scam attempt. The presence of numerous external PDF links further indicates a link farm designed to distribute malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 5
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Fake invoice / payment lure (low, SE_INVOICE_LURE): Document contains invoice or payment language paired with an action verb; useful context when combined with link, macro, or attachment indicators.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00007f8c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7F8C | 5008 bytes | 5595f98a49664341a792fd7766155290a7f74e5492686d6d05043cf9985961e1 |
| font_01_sfnt_off0000907c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x907C | 10516 bytes | 69cc2c5f75ea35c645cbc9339b0c578ff78e917990c2865e47ac75806c6eaa46 |