MALICIOUS
172
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF is identified as an image-only document designed as a phishing lure, containing a clickable link that redirects to a known malicious infrastructure. The document body, though heavily obfuscated, contains the primary malicious URL. The presence of numerous external PDF links further suggests a link farm or SEO manipulation tactic to distribute the malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9967
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LUREPDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 16 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://gettraff.ru/strik?keyword=holt+environmental+science+karen+arm
- https://cdn-cms.f-static.net/uploads/4376601/normal_5f8f18f3d85b5.pdf
- https://cdn-cms.f-static.net/uploads/4369323/normal_5f8a0781c1bae.pdf
- https://cdn-cms.f-static.net/uploads/4382189/normal_5f8e9f98c8200.pdf
- https://cdn-cms.f-static.net/uploads/4370294/normal_5f8d0c588aac7.pdf
- https://cdn-cms.f-static.net/uploads/4366959/normal_5f88abeb9d0f0.pdf
- https://cdn-cms.f-static.net/uploads/4367920/normal_5f8ffe25a7a04.pdf
- https://cdn-cms.f-static.net/uploads/4366637/normal_5f875f26d36d5.pdf
- https://cdn-cms.f-static.net/uploads/4366376/normal_5f8fe7e8118fe.pdf
- https://uploads.strikinglycdn.com/files/69371a0c-9479-4d5f-8c0e-77742b0d7195/78432066132.pdf
- https://uploads.strikinglycdn.com/files/36ce4b1e-a602-43f0-bb4d-0fb5d4907658/86013369871.pdf
- https://uploads.strikinglycdn.com/files/7e2533fb-f6d6-4259-8b9e-2ae4787630ba/xidufapevosivi.pdf
- https://uploads.strikinglycdn.com/files/c5a3e72c-88cc-4e6b-b7d1-59fffe883b21/86043876238.pdf
- https://uploads.strikinglycdn.com/files/d2f7030c-7238-4ea5-bd87-4ff5cc8b1c61/rusizudo.pdf
- https://cdn.shopify.com/s/files/1/0430/9506/4733/files/dividing_decimals_worksheet_kuta.pdf
- https://cdn.shopify.com/s/files/1/0495/4721/5000/files/immersive_reader_onenote.pdf
- https://cdn.shopify.com/s/files/1/0498/7990/8504/files/ohaus_3000_series_t31p_manual.pdf
- https://cdn.shopify.com/s/files/1/0482/3279/2216/files/wood_grain_contact_paper_self_adhesive_vinyl.pdf
- https://cdn.shopify.com/s/files/1/0500/9624/2856/files/42066060811.pdf
- https://cdn.shopify.com/s/files/1/0491/9056/8102/files/exodus_super_unlock_review.pdf
- https://cdn.shopify.com/s/files/1/0499/8683/0496/files/3_minute_step_test_chart.pdf
- https://cdn.shopify.com/s/files/1/0502/7184/6597/files/zoxumabobarezajaresapuwu.pdf
- https://cdn.shopify.com/s/files/1/0437/2440/6933/files/jofak.pdf
- https://cdn.shopify.com/s/files/1/0266/8963/4491/files/cse_140_ucsd_winter_2020.pdf
- https://cdn.shopify.com/s/files/1/0439/2094/9403/files/vopojibudokuteju.pdf
- https://cdn.shopify.com/s/files/1/0431/6790/8004/files/84375114159.pdf
Open this report in the interactive analyzer, or submit your own file for analysis.