MALICIOUS
Risk Score: 184
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 5
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00006afd.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6AFD | 5344 bytes | e76b23c64121ce8ace3a0d1b26809ad402c7fe76236815201dc4421169ee52a3 |
| font_01_sfnt_off00007d2c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7D2C | 11540 bytes | 0d274ff4dd648bbf992cbd823ef1a9de2bd91203d2d21324cbfb53b7f25fac0c |
| font_02_sfnt_off0000a2d6.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA2D6 | 16076 bytes | 12198ed304d8e74df64bcaa8a4aae6da6436d73ceeb6d758e01031f89a18fcfe |