MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF triggers a critical heuristic for a malicious redirector link pointing to a URL that appears to be part of a phishing campaign. The ML classifier also flagged the document as malicious. The document body, though heavily obfuscated, contains text related to 'white leather dining chairs', likely a lure to entice users to click the malicious link.
Machine Learning
- Nyx PDF Classifier malicious score 0.8283
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://gettraff.ru/strik?utm_term=white+leather+dining+chairs+modern (In PDF document text)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000b0da.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB0DA | 5364 bytes |

SHA-256: 7789247fd1f1ccb20ba07dcbb89af1175ebcdf4c4913bcc19d34c08557eec840