Verdict: MALICIOUS
Risk Score: 92
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
A heuristic fired on the PDF document, indicating that it links to malicious redirector infrastructure. The embedded URL, 'https://gettraff.ru/strik?keyword=arduino+projects+book+170+pages+pdf', is presented within the document body, disguised as a link to an Arduino projects book. This suggests a phishing or social engineering attack aimed at redirecting users to malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9928
Heuristics 2
- PDF links to known malicious redirector infrastructure (severity: critical, rule: PDF_MALICIOUS_REDIRECTOR_LINK). PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Embedded URL (severity: info, rule: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL:
- https://gettraff.ru/strik?keyword=arduino+projects+book+170+pages+pdf (In PDF document text)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000106bf.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x106BF | 5836 bytes |

SHA-256: 9a504bf854887bb37b736e33c89bd224e80dac71f45cc9e15dd0207ec651e5a4