MALICIOUS
194
Risk Score
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 5
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Image lure linking to an SEO redirector (free-download phishing) high PDF_SEO_UTM_REDIRECTOR_LINKPDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/pify?keyword=biochemistry+of+cardiovascular+system+pdf In PDF document text
- https://nizesuvijeva.weebly.com/uploads/1/3/1/6/131607023/tibitiwuxi.pdfIn PDF document text
- https://gexirirexov.weebly.com/uploads/1/3/0/8/130874239/cebb0.pdfIn PDF document text
- https://babikovinemixe.weebly.com/uploads/1/3/1/8/131856339/mowedepesen.pdfIn PDF document text
- https://fenawivo.weebly.com/uploads/1/3/4/0/134000055/d011d28250b.pdfIn PDF document text
- http://www.ascendercorp.com/In extracted file (font_00_sfnt_off0000ab51.bin)
- http://www.ascendercorp.com/typedesigners.htmlIn extracted file (font_00_sfnt_off0000ab51.bin)
- https://uploads.strikinglycdn.com/files/f56b20ea-531d-4ad8-a0de-2a1499bcaf90/6963110981.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/ef89c5ed-9b4a-4a58-b8bd-03c70a2970ad/texemiteginerobiwete.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/5bf2eb14-78ea-4d0a-bf83-0a53e7d32baf/55568157619.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/e3e19d86-e90d-4e78-bc40-e79a2f17c7ed/makometosijube.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/d4d56f0f-f203-40d9-861d-6a3d4e99fea9/jevumenaluvinapoxiwelurag.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/2f3fab25-3b34-4697-9972-46c5cb43b0de/omu_treasure_maps_locations.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/0f5daaa6-a702-4316-bc4c-c7ac8b867ef9/90678660818.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/b654f891-546c-4b92-a0e6-cc42ae99a0aa/download_river_flows_in_you_mp3_free.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/408b38c8-b76a-4659-a52e-84601fa08546/32662797023.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/60c9e347-621c-4843-88e9-22cbb93d2003/dogs_with_brown_noses.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/58d665d5-b848-4fb8-b800-59d7b5c519f9/pufuzikaser.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/a2da4d0a-4ce3-4317-bfa8-294863713d01/bujoxibopewuzenawofe.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/7175da1b-0205-433b-a15a-a553e873f40a/susijebowulebitodidov.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0429/9204/2137/files/25543208530.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0266/8625/9388/files/66671758448.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0437/6402/3450/files/729040904.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn extracted file (font_00_sfnt_off0000ab51.bin)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ab51.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xAB51 | 5608 bytes |
SHA-256: 1e25379b50087142abced54b5f3d7e28f03497bef24415dc3705ac0f2af3a876 |
|||
font_01_sfnt_off0000be40.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xBE40 | 10672 bytes |
SHA-256: 1397fe38480bd043e1e94bd0fad17423ffa424549e30588e719c148971eecb7c |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.