MALICIOUS
94
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a critical heuristic firing indicating it links to known malicious redirector infrastructure. The embedded URL 'https://cctraff.ru/aws?utm_term=crowder+all+my+hope+sheet+music' is confirmed as malicious. While no scripts were explicitly extracted, the PDF structure and the malicious URL strongly suggest an attempt to lure the user to a harmful site, likely as part of a phishing or malware delivery campaign.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://cctraff.ru/aws?utm_term=crowder+all+my+hope+sheet+music
- https://cdn-cms.f-static.net/uploads/4423752/normal_5fdc2216a23bb.pdf
- https://static.s123-cdn-static.com/uploads/4456420/normal_5fc41c676fe9c.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://www.daltonmaag.com/
- https://uploads.strikinglycdn.com/files/525e1451-6970-44b5-a1ca-92e13573afd5/65592058002.pdf
- https://uploads.strikinglycdn.com/files/1c99feec-8d35-41fc-8455-053f1b68d74f/40519971407.pdf
- https://uploads.strikinglycdn.com/files/390a1d29-e49a-4fd1-9b2a-0ac08499aa5c/mufixapalituxadoge.pdf
- https://s3.amazonaws.com/negonanopix/mukudipagasozelutagod.pdf
- https://uploads.strikinglycdn.com/files/ac433566-ac71-4ff7-a049-bfb63985d58f/elite_dangerous_lawless.pdf
- https://uploads.strikinglycdn.com/files/7b828a87-2387-4c0d-a205-e4cfb8670050/viwekit.pdf
- https://uploads.strikinglycdn.com/files/877f8c98-82ad-4146-94df-66677164a26a/5262913119.pdf
- https://uploads.strikinglycdn.com/files/9e4ce158-8ccd-43c3-91c0-9de7c242ab47/police_siren_light_and_sound_simulator_problem.pdf
- https://uploads.strikinglycdn.com/files/612833b6-6e70-46d0-bca6-e6d67c4ab917/vuditapufoluxam.pdf
- https://s3.amazonaws.com/xijuxosisomuna/kuvixapenituxu.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000d535.binac97df6cb3848d3cc452354031b92c4abd139f12d4795ed0cb3d8c5a34b323ce |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD535 | 5304 bytes |
font_01_sfnt_off0000e75f.binc8d9de5e8d9fe5d93958ebfe1a1d3ca267175ad5bb300061b4ff9635b8160ce0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE75F | 10312 bytes |
font_02_sfnt_off00010aa6.bin1158d95dac44631f497756703988ba3645251422e7ff0015d3fca430225e7c3e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10AA6 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.