MALICIOUS
214
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF file contains a large number of embedded links, many of which point to a link farm infrastructure. The primary link directs to a known malicious redirector, suggesting the document is used for phishing or to distribute further malware. No scripts were extracted, but the PDF structure itself facilitates the redirection.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 5
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ggtraff.ru/123?utm_term=chapter+10+to+kill+a+mockingbird+analysis
- https://cdn.sqhk.co/zetanitanedo/WXzGSyQ/soap_slicing_cutting_asmr_game.pdf
- https://cdn-cms.f-static.net/uploads/4423728/normal_5fd2c2a30da45.pdf
- https://cdn-cms.f-static.net/uploads/4380691/normal_5fa3a3946445e.pdf
- https://cdn.sqhk.co/pizokifuxe/fAicgf0/status_video_download_punjabi_2020.pdf
- https://bewimesev.weebly.com/uploads/1/3/4/7/134753962/1665688.pdf
- https://static.s123-cdn-static.com/uploads/4425926/normal_5fc9f743a65ec.pdf
- https://static.s123-cdn-static.com/uploads/4408862/normal_5fcd6c42b0e83.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/7cf24160-877a-4a41-8324-6c499439b6e0/45445974626.pdf
- https://s3.amazonaws.com/zoxewudunigus/84856492716.pdf
- https://uploads.strikinglycdn.com/files/7ea307f2-3897-466f-ba43-258af0faf977/40551515402.pdf
- https://uploads.strikinglycdn.com/files/fcfdbdc5-8100-456f-b697-fa53feb37a51/17131938691.pdf
- https://uploads.strikinglycdn.com/files/1ecd1922-4203-46cc-be01-09a22e337237/free_download_rudrashtakam_rameshbhai_ojha.pdf
- https://s3.amazonaws.com/polojuliragam/84265579387.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ee01.bin8f691ac2f50016c6d520d05c2065e0ba27055dc519e248a998aa1471efd7d830 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEE01 | 5892 bytes |
font_01_sfnt_off000101de.binbc923e20c27ba59d21b8f94642e72c917760bf9c7c2d9f5304812356016a2801 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x101DE | 10404 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.