MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a critical heuristic firing indicating it redirects to known malicious infrastructure. The embedded URL 'https://cctraff.ru/strik?utm_term=snow+leopard+apex+predator' is identified as a malicious redirector. The ML classifier also strongly flagged this PDF as malicious. While no scripts were explicitly extracted, the PDF structure and the malicious URL strongly suggest a phishing or malware delivery attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://cctraff.ru/strik?utm_term=snow+leopard+apex+predator
- https://papunagaku.weebly.com/uploads/1/3/1/3/131384156/lutigojogiwu.pdf
- https://jomixemaletid.weebly.com/uploads/1/3/4/6/134659672/zamejegerik_merixegogeno_kuzititero_sutiliwefipo.pdf
- https://duzuxaxopukuka.weebly.com/uploads/1/3/4/6/134615532/8f17132ad449a.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/eaa909f3-e319-4d06-b6a4-b624e6d74f02/sosufugam.pdf
- https://uploads.strikinglycdn.com/files/4404675e-d948-46cd-9346-fc70a5fa8206/facebook_ascii_birthday.pdf
- https://uploads.strikinglycdn.com/files/d263cf5d-afe6-4ad8-a6f5-a411ede0b105/fekumunitaw.pdf
- https://uploads.strikinglycdn.com/files/a20b2ec4-d30b-4922-97e3-9ae3864deec3/moon_valley_organics_eczacalm.pdf
- https://s3.amazonaws.com/pazatuv/liquidity_risk_report_example.pdf
- https://uploads.strikinglycdn.com/files/00924694-92f3-4abc-8429-0bdf45fb8766/jupuxilosadunitisubij.pdf
- https://s3.amazonaws.com/jadudusujuje/48047326459.pdf
- https://uploads.strikinglycdn.com/files/3833b94a-232e-418b-a77e-b4af8c1347e0/dowaxumijibilewasebi.pdf
- https://s3.amazonaws.com/lebaxa/88857159740.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000c5e2.binb9e693028c909167bf64f86d999ca92746b2e1d063e01fbcc5b40e0f4bad05c1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC5E2 | 5036 bytes |
font_01_sfnt_off0000d729.bin1efec9c45b954c77965135ff4aabfa8d1f0eddaed0728779d25c36632a781265 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD729 | 10004 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.