MALICIOUS
Risk Score: 184

Machine Learning
- Nyx PDF Classifier malicious score: 1.0000

Heuristics (5)
- PDF links to known malicious redirector infrastructure | critical | PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Small PDF is a non-clustered link farm on disposable hosting | medium | PDF_SEO_DISPOSABLE_LINK_FARM
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
- Object number defined twice with different bodies | info | PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL | info | EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Every URL extracted from this sample is labelled "In PDF document text".

Extracted artifacts (3)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000713e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x713E | 5124 bytes | 6b9f8a916342da466b4210d50400cc7ac238dbc43308b3b19d1af5af6debecff |
| font_01_sfnt_off000082ad.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x82AD | 10196 bytes | b2cdb6e71c403f3e5fdc4f7cd267419cd32dfd62ca712242f18cd7126dcc5024 |
| font_02_sfnt_off0000a585.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA585 | 4324 bytes | 05d2457133b820fa77aa358e30e9acfbad3f04c46ced9a37296d9311117db176 |