MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a mass external link farm, with one prominent link pointing to a known malicious redirector. The document body, though heavily obfuscated, contains text related to 'chemistry book class 11 pdf free' and the malicious URL. This suggests a social engineering lure to drive traffic to malicious infrastructure, likely for further exploitation or credential harvesting.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL
- https://ttraff.com/wix?keyword=chemistry+book+class+11+pdf+free
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005ec9.bin 150ee5011e30ce5da2b13b674c22158885ba1c4d044b5dcbc010697d9b5e50f9 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5EC9 | 5656 bytes |
| font_01_sfnt_off000071e2.bin bf3a5676571603d09569a0001833d7bec7959864fe36e7bf3a5ba5d15728ccac | pdf-font-stream | PDF embedded font (sfnt) at offset 0x71E2 | 10248 bytes |