MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains a large number of embedded links, with one specifically pointing to a known malicious redirector. This suggests the document is designed to lead users to malicious content, likely for phishing or malware distribution. The ML classifier also strongly indicated maliciousness.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (4)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006f60.bin (a097bb34c355c9b7f31a20d8ab963b6c8a696e7ba6aa027431d0cd8797351d68) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6F60 | 5120 bytes |
| font_01_sfnt_off000080d4.bin (8ec9d6cf2615e4425999f63a5c4945825054bde6e8247ea28f6fd0085e08588a) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x80D4 | 9812 bytes |