MALICIOUS
Risk Score: 92
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
A heuristic fired on this PDF for a malicious redirector link pointing to 'https://ggtraff.ru/strik?keyword=divinity+original+sin+traits'. This URL is likely used to lure users to a malicious site. The same URL also appears in the document body, which is heavily obfuscated, reinforcing its malicious intent. No scripts were extracted, but the presence of a malicious redirector is sufficient evidence of a phishing or malware distribution attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9917
Heuristics (2)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL: https://ggtraff.ru/strik?keyword=divinity+original+sin+traits (in PDF document text)