MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'https://gettraff.ru/strik?utm_term=la+dama+del+alba+pdf+descargar'. This indicates the document's primary purpose is to lure the user to this external resource. The ML classifier also strongly flagged this PDF as malicious, supporting the assessment of a phishing or malware distribution attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://gettraff.ru/strik?utm_term=la+dama+del+alba+pdf+descargar
- https://cdn-cms.f-static.net/uploads/4425727/normal_5fabe97f1249a.pdf
- https://static.s123-cdn-static.com/uploads/4417321/normal_5fc6c05ada839.pdf
- https://cdn-cms.f-static.net/uploads/4418985/normal_5fd8186cdf51a.pdf
- https://cdn-cms.f-static.net/uploads/4384819/normal_5f9c45dcdbf6f.pdf
- https://cdn-cms.f-static.net/uploads/4388165/normal_5f939b9c20dc2.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://static1.squarespace.com/static/5fc0e006a879396864083677/t/5fc1f8053570fb44d148e2cd/1606547461779/rogue_warfare_3_2020.pdf
- https://uploads.strikinglycdn.com/files/977bc399-f683-4ec3-a56d-02ea2cd0eeea/2842_flashpaq_superchip.pdf
- https://uploads.strikinglycdn.com/files/90d5fbf4-a2af-4aed-b3c5-88902609b986/burns_high_school_shelby_nc.pdf
- https://uploads.strikinglycdn.com/files/81d30cd4-8e50-4b0f-a1d9-903d2d697b32/discrete_math_and_its_applications_8th.pdf
- https://uploads.strikinglycdn.com/files/bcd23639-8a2e-4773-8321-3ddd87aba5bb/28383348647.pdf
- https://uploads.strikinglycdn.com/files/813d6609-d392-4c84-b227-234bdf99bf80/91062394847.pdf
- https://uploads.strikinglycdn.com/files/42e18421-7cba-4e03-9827-4f491682a8bf/socom_clinic_macdill_afb.pdf
- https://uploads.strikinglycdn.com/files/d1202c9e-afef-4a7a-b0b8-56e01f873cb9/gawanodudujam.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000b0eb.binb39ae1edd3ec5368598e3e85bf59f71b7944b60362298a546e5768786d09bfc0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB0EB | 5556 bytes |
font_01_sfnt_off0000c3bf.bin0f6acd8c035cab30fd3bf6a7111951b59cdb5b0327927c1d83b9e8d13dcbc967 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC3BF | 10996 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.