MALICIOUS
Risk Score: 74
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file contains heuristics indicating it is malicious and uses an SEO redirector for phishing. The document body, though heavily obfuscated, contains a URL that is likely used to redirect the user to a malicious site. No scripts were extracted, but the presence of embedded URLs and the ML classifier's high confidence suggest a phishing or malware delivery attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 3
- Image lure linking to an SEO redirector (free-download phishing) [high, PDF_SEO_UTM_REDIRECTOR_LINK]: PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- External URI [info, PDF_URI]: PDF contains an external URL action.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://traffnew.ru/strik?keyword=ecumenical+key+guide+osrs (PDF link annotation)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005c29.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5C29 | 5384 bytes |

SHA-256 (font_00_sfnt_off00005c29.bin): 3dc40c7d6207ca4e39774847113d2131d09305ab4be291086ef474df95274485