MALICIOUS
90
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a link to a known malicious redirector, indicating an attempt to lure the user to a harmful site. The ML classifier also flagged this PDF with high confidence. The embedded URL is the primary indicator of malicious intent, suggesting a phishing or malware distribution scheme.
Machine Learning
- Nyx PDF Classifier malicious score 0.9975
Heuristics 2
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://botcraftman.ru/?lip&keyword=%D0%B0%D0%BA%D1%82%D0%B8%D0%B2%D0%B0%D1%86%D0%B8%D1%8F+windows+7+nnm-club&charset=utf-8
- http://img0.liveinternet.ru/images/attach/c/7//4818/4818357_obrazec__obzhalovaniya__postanovleniya_.pdf
- http://img0.liveinternet.ru/images/attach/c/7//4818/4818163_yugozapadnuyy__avtovokzal__voronezh_.pdf
- http://img0.liveinternet.ru/images/attach/c/7//4818/4818142_natalya__mitina__dizayn_.pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00056c47.bin5c5bd1c9e4ebc04708026b8bc79115215cba68a18ee48f34fa804e2403583e42 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x56C47 | 8972 bytes |
font_01_sfnt_off0005857e.binf069fbd0a5a94fb4cdd0d95dcb514b695244ac580c77f81f2d30dfae3faac910 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5857E | 14528 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.