MALICIOUS
Risk Score: 194
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 5
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Image lure linking to an SEO redirector (free-download phishing) (high, PDF_SEO_UTM_REDIRECTOR_LINK): PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000741c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x741C | 5140 bytes | cd9d0ef3bd9e9550de7c8babda288aaa39e06a2e0427176fd6767e7f4ae00bbf |
| font_01_sfnt_off00008588.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8588 | 9960 bytes | 1d8698fbbe2053a87addc890fa9416400cd402e76af750c5f27543e1b2495030 |