MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains embedded links, with one identified as a malicious redirector. The document body, though heavily obfuscated, contains text related to medical discomfort and links to external PDFs, suggesting a lure for SEO spam or phishing. The presence of multiple external PDF links further supports the SEO spam angle.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=upper+stomach+discomfort+treatment
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://static.usrfiles.com/ugd/b8c837_58a4473bb4ab46d0961476458d3b1b43.pdf
- https://static.usrfiles.com/ugd/d1d005_851ab943a81642e2bb37bb02665a1a77.pdf
- https://static.usrfiles.com/ugd/b8c837_30c2c394a7de43c1b808a586a801eb80.pdf
- https://static.usrfiles.com/ugd/b8c837_9e726f13ab8c42808e45e892aa7dce36.pdf
- https://static.usrfiles.com/ugd/b8c837_2e736227da9c45b5bb0b3c9fcb3d05c2.pdf
- https://static.usrfiles.com/ugd/3826db_21f67ce0155a4f9bacd8dfc42fa0130d.pdf
- https://static.usrfiles.com/ugd/b8c837_a8de1a510741490685f51a983956bd75.pdf
- https://static.usrfiles.com/ugd/ae059d_4771276090df46c9bbb89efb94eeef19.pdf
- https://static.usrfiles.com/ugd/04e6f9_bfd5851cce814edca336941170b88b00.pdf
- https://static.usrfiles.com/ugd/aff7ca_39357162dc58426b8fb1b5f7629c8191.pdf
- https://static.usrfiles.com/ugd/834936_84b3b0931aca45a3b14f9e1322211b86.pdf
- https://cdn.shopify.com/s/files/1/0437/0658/1147/files/aggiornamento_software_autoradio_android.pdf
- https://cdn.shopify.com/s/files/1/0431/3019/2039/files/wijovedugirupu.pdf
- https://cdn.shopify.com/s/files/1/0431/7259/3820/files/73869169304.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000070dd.binfcee157b2d840222bf2aaff47dc37a38171479eb800b94bd4b1c03cb4fb170d2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x70DD | 5352 bytes |
font_01_sfnt_off000082ec.binee59809cdb0a6f12b6aa19c8901ca022c52a6e8d628db34dd5d85cab574edc22 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x82EC | 10208 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.