MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a link to a known malicious redirector infrastructure, indicating an attempt to lure the user to a harmful site. The ML classifier also strongly flagged this PDF as malicious. The embedded URL is the primary indicator of malicious intent, likely serving as a lure for phishing or malware delivery.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00023641.bin (7438dc61928a8b9946bd559d00e20d610e3e1cb92f68126c4829ae87fdc272f5) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x23641 | 3796 bytes |
| font_01_sfnt_off0002439f.bin (863c89e46a334c88b7fda7e4ead3205083e0d50c68b85ba7cd566136f95f49fe) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2439F | 5320 bytes |
| font_02_sfnt_off000255e3.bin (4e64f13748eb43f7c55956b681013c49227b2e2bc5a61acd653abf08cfc2a985) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x255E3 | 10788 bytes |