MALICIOUS
192
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains heuristics indicating it is a malicious redirector, specifically linking to a URL associated with phishing or malware distribution. The document body, though heavily obfuscated, contains text related to a 'Samsung galaxy s8 metropcs' giveaway, suggesting a lure. The primary IOC is the malicious redirector URL used in the lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.6878
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Image lure linking to an SEO redirector (free-download phishing) high PDF_SEO_UTM_REDIRECTOR_LINKPDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://gettraff.ru/strik?utm_term=samsung+galaxy+s8+metropcs In PDF document text
- https://cdn-cms.f-static.net/uploads/4494668/normal_5fb466629f707.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4370263/normal_5fbcc30ae66ec.pdfIn PDF document text
- https://s3.amazonaws.com/felasorarabipis/probability_lesson_plans_high_school.pdfIn PDF document text
- https://static1.squarespace.com/static/5fc0e9eb3398ff75152e2002/t/5fc50cc1fa04221c71bf6ecb/1606749379478/16186001775.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/5670c0e8-7610-4272-8279-2f09d6248fa9/29051636786.pdfIn PDF document text
- https://s3.amazonaws.com/pusori/el_dorado_springs_mo_police_reports.pdfIn PDF document text
- https://s3.amazonaws.com/zosevid/light_bot_source_code.pdfIn PDF document text
- https://s3.amazonaws.com/fogibi/74616125900.pdfIn PDF document text
- https://s3.amazonaws.com/wewuxuviwar/balupu_full_movie_in_tamil.pdfIn PDF document text
- https://s3.amazonaws.com/jevelel/chest_guidelines_anticoagulation_after_surgery.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/f724f774-0967-4e09-9c92-d7744cc1d26d/5514341603.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/f556049e-cc5a-4f52-a16b-cc45629ba5d3/quickbooks_web_connector_api.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/b7ab6d14-2c7c-4111-b766-ef0a1158336f/sample_of_cultural_identity_essay.pdfIn PDF document text
- https://static1.squarespace.com/static/5fc0c666116eb00e3c4b5099/t/5fc636355147b148040625a0/1606825525806/adobe_photoshop_fix_premium_mod_apk.pdfIn PDF document text
Open this report in the interactive analyzer, or submit your own file for analysis.