MALICIOUS
Risk Score: 184
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 5
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00005713.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5713 | 5740 bytes | def077eb5404b459816193e15822173ff820a51a07d4c83e6ed2582c4f7be07f |
| font_01_sfnt_off00006a6a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6A6A | 9856 bytes | 82e4e31b0ab147bd88a8ec33c97ea50d4d6c85a8e1a25650697774ff941c1f56 |