MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'ggtraff.ru'. This indicates the document is designed to lure users to a potentially harmful website. The ML classifier also strongly flagged this PDF as malicious. No scripts were extracted, but the presence of a malicious URL is sufficient to infer a phishing or malware distribution attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ggtraff.ru/aws?utm_term=annexure+cover+sheet+family+court
- https://cdn-cms.f-static.net/uploads/4413008/normal_5f952c11ac383.pdf
- https://static.s123-cdn-static.com/uploads/4408346/normal_5fcca6edde4f0.pdf
- https://static.s123-cdn-static.com/uploads/4492897/normal_5fe4327447ad7.pdf
- https://cdn-cms.f-static.net/uploads/4487432/normal_5faec819a4d15.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/178bdcbd-ac5e-4bcc-ad7d-47fc6b3926e2/kisefuboriduzogisotobiko.pdf
- https://uploads.strikinglycdn.com/files/178271a0-8338-44de-a761-88a40e5f1f67/33638342030.pdf
- https://uploads.strikinglycdn.com/files/8474dcfc-dd09-490f-97d9-7b0088e45200/20685468845.pdf
- https://uploads.strikinglycdn.com/files/81896d77-6b6e-4f35-816d-cd6e96d7b791/12350903851.pdf
- https://uploads.strikinglycdn.com/files/683f1e73-4755-49a5-850d-56850ad48935/63473948327.pdf
- https://uploads.strikinglycdn.com/files/0967e5e4-4212-40d9-a188-7547009642ab/54363050888.pdf
- https://s3.amazonaws.com/dinisemowoge/download_pathfinder_2.pdf
- https://s3.amazonaws.com/satulibaren/94211144128.pdf
- https://uploads.strikinglycdn.com/files/d6dd5b5d-17e0-4d78-b51f-0a4f6a5b4509/leniwugobajazusekiruj.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000db5d.bind6f29ab85f3ebef4ea4c151bc36fa822566b5346e669c0c3ca32de2de9178971 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDB5D | 5340 bytes |
font_01_sfnt_off0000ed72.bin6a6c2a08f94d09ce61d53bb400cc9091fde9e3ea39070249131a788579d6881c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xED72 | 10308 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.