Malware Insights
This PDF document is classified as malicious due to its structure and embedded URLs. The heuristic 'PDF_SEO_DISPOSABLE_LINK_FARM' indicates the document is designed to host numerous links on disposable domains, likely for SEO manipulation or to distribute malicious content. The primary malicious URL identified is https://jacksth.ru/123, which is presented in the context of 'best free offline android rpg games 2019', suggesting a lure to trick users into visiting a potentially harmful site. No scripts were extracted, but the overall pattern points to a phishing or content-luring attack.
Machine Learning
- Nyx PDF Classifier malicious score 0.9992
Heuristics 4
- Small PDF is a non-clustered link farm on disposable hosting [medium] PDF_SEO_DISPOSABLE_LINK_FARM: Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI [info] PDF_URI: PDF contains an external URL action.
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://jacksth.ru/123?utm_term=best+free+offline+android+rpg+games+2019 (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f1ee.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF1EE | 5892 bytes | 82d69f93e9cedd4c3f24ff342ca28704f4d2b0c2b54cdc24c4f85039c7072a82 |
| font_01_sfnt_off000105f0.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x105F0 | 10648 bytes | f1db836d206177c5d2e977e128c70db7874646875140490073e96d06d70df2b1 |