MALICIOUS
90
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file was flagged by a machine learning classifier and contains a link to a known malicious redirector. The presence of this link suggests the document is designed to lure users to a compromised website. No scripts were extracted from this sample, limiting further analysis of its behavior.
Machine Learning
- Nyx PDF Classifier malicious score 0.9980
Heuristics 2
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://botcraftman.ru/?lip&keyword=%D0%BB%D0%B0%D0%BA%D0%B8+%D0%BF%D0%B0%D1%82%D1%87%D0%B5%D1%80+%D0%B4%D0%BB%D1%8F+%D0%B0%D0%BD%D0%B4%D1%80%D0%BE%D0%B8%D0%B4&charset=utf-8
- http://img0.liveinternet.ru/images/attach/c/7//4802/4802381_albom__dlya__beremennuyh_.pdf
- http://img0.liveinternet.ru/images/attach/c/7//4802/4802829_skachat__aero_.pdf
- http://img0.liveinternet.ru/images/attach/c/7//4802/4802696_dmitriy__silov__zakon_.pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00055077.binc656b3c86463b5ef2baee63610ffe5e3455c6557eaf017777c87e22a5702451a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x55077 | 8360 bytes |
font_01_sfnt_off000567ec.bincee001f8c51d12fb3a2cdd2bfd92a59d95c987d7da46cfcb1045c913c1085dfc |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x567EC | 13220 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.