MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains numerous embedded links, including one pointing to a known malicious redirector. The document body, though heavily obfuscated, contains text suggesting a lure related to educational materials, which is consistent with the link farm heuristic. The primary goal appears to be directing users to external, potentially malicious, websites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9968
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ggtraff.ru/pify?keyword=11th+chemistry+practical+book+pdf+state+board
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006a04.bin 446f071ea63fdc370937638330c955b1c81c74fadc846ad042fa70a0a84bebac | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6A04 | 5656 bytes |
| font_01_sfnt_off00007d1c.bin b60ab4404f89b97d3eb7157d4efc7d17eb729e2d4255255c3b75d697c17eeb6f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7D1C | 10616 bytes |