Malware Insights
The PDF file was flagged by multiple heuristics, including ClamAV and an ML classifier, as malicious. It contains a large number of external links, many of which are to benign Squarespace domains, but one points to 'trafffi.ru', suggesting a link farm or redirection scheme. The document body, though truncated and partially garbled, contains text related to 'Disgaea 4 character list' and 'wkhtmltopdf', indicating a potential lure to disguise malicious intent. No scripts were extracted, but the PDF structure and link farm heuristic suggest it's designed to redirect users to malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9329
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL https://trafffi.ru/123?utm_term=disgaea+4+character+list (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00011ac9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11AC9 | 5312 bytes | 3395b43ddf7b22486b820b8fc45255c009814439a1f8028741c56f60821c65b9 |
| font_01_sfnt_off00012cff.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12CFF | 4720 bytes | bcd6d42d4b08ff7ebd1f89ed7b2401fa73aa6711bd2b505d9d3b293cab2eb9b8 |