MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains embedded links that point to a known malicious redirector. The heuristic PDF_MALICIOUS_REDIRECTOR_LINK confirms this, and the ML classifier also flagged the document as malicious. The document body, though heavily obfuscated, contains the malicious URL, suggesting an attempt to lure users to a harmful site.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://gettraff.ru/strik?keyword=eliminacion+de+hofmann (in PDF document text)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00006a23.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6A23 | 4944 bytes | 725b146ad0a83fa3f89b8975909d78f91739c1dd5e17ef335d5bca6698faa6b8 |
| font_01_sfnt_off00007abe.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7ABE | 11652 bytes | 247493e2732a9c63975d88f5ae13c33906ac9916a62e09ba4f7746c785881298 |