MALICIOUS
Risk Score: 136
Machine Learning
- Nyx PDF Classifier malicious score 0.9945
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION)
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Image lure linking to an SEO redirector (free-download phishing) (high, PDF_SEO_UTM_REDIRECTOR_LINK)
  PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector: the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- External URI (info, PDF_URI)
  PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL)
  One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://trafffi.ru/123?utm_term=synonym+for+long+lasting (PDF link annotation)
Extracted artifacts 9
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_009_off00015f7a.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x15F7A | 17388 bytes | b64f3fc5f86472c94e01f5297cd479d43f5b26ef8aa1d3ef5a6737fc0153ff61 |
| font_00_sfnt_off0000dc90.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDC90 | 5740 bytes | 35c6dbccf7c25c59cdda98a5d0a9e69173ca2db5216a66f655e12da641dbbf60 |
| font_01_sfnt_off0000f085.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF085 | 5292 bytes | 681c01a0682370dfdd94fae72099d2914d90fb5a795a2d1adfae2e8054bea6a7 |
| font_02_sfnt_off00010275.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10275 | 2656 bytes | c206ac4eca120f096112d408dff6b33a2f721090936d80486df636e1cd240fde |
| font_03_sfnt_off00010d7b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10D7B | 2328 bytes | 3702365b3034b9d7945da23b991b5e2ac3f8bb06d1ba3be7e5ba1b5d8dd48c9f |
| font_04_sfnt_off00011832.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11832 | 2108 bytes | e66bd646ff29f48b94a898642357a1d5295b77faffa0bd70eb77acb4aebc9a97 |
| font_05_sfnt_off000121fe.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x121FE | 6640 bytes | eca62b72654736461a635ba366d09d794777fd95c58152d2b251becdfce657e0 |
| font_06_sfnt_off0001339b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1339B | 13760 bytes | 033acae28647b6da70a8243a8d6f0727ad0dc2311cacc2438cfcfbd2fa3f829f |
| font_08_sfnt_off0001798c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1798C | 3276 bytes | 51c1d5fa29146058fbc649eac7766b85490f6942bd67486bd14cc46e9087474c |