MALICIOUS (Risk Score 152)
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains embedded links, with one prominently pointing to a known malicious redirector URL. The document body, though heavily obfuscated, contains a reference to the same URL, suggesting an attempt to trick users into visiting it. The presence of numerous external PDF links, many pointing to Shopify domains, indicates a link farm strategy, likely to obscure the malicious redirector.
Machine Learning
- Nyx PDF Classifier malicious score 0.9940
Heuristics (3)
- PDF links to known malicious redirector infrastructure [critical] (PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL [info] (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted URLs:
- https://cctraff.ru/strik?keyword=9th+tamil+guide+new+syllabus+pdf
- https://site-1039219.mozfiles.com/files/1039219/51065997194.pdf
- https://site-1037267.mozfiles.com/files/1037267/kimujimudabelufukojazeku.pdf
- https://site-1036686.mozfiles.com/files/1036686/gizozetu.pdf
- https://site-1039775.mozfiles.com/files/1039775/50666518593.pdf
- https://site-1038710.mozfiles.com/files/1038710/figafumuwamujubumapogat.pdf
- https://dimaxafazeza.weebly.com/uploads/1/3/1/4/131453031/2697538.pdf
- https://bedizegoresupa.weebly.com/uploads/1/3/1/3/131379398/kezupukono.pdf
- https://mogilifus.weebly.com/uploads/1/3/0/7/130739831/sixukejomiwewanage.pdf
- https://gimejexoxixaza.weebly.com/uploads/1/3/1/8/131872185/d96ddb407408.pdf
- https://dutitujazekap.weebly.com/uploads/1/3/0/8/130814390/logape.pdf
- https://fodezamu.weebly.com/uploads/1/3/1/4/131407453/1000608.pdf
- https://jawasolasazilem.weebly.com/uploads/1/3/1/3/131379174/gevoderovepiru.pdf
- https://fijojonibiw.weebly.com/uploads/1/3/2/6/132681787/rotizizalipi-xulejowo-wegevok-xutijub.pdf
- https://genigudepa.weebly.com/uploads/1/3/1/0/131070712/bagatazojiz_sidatasofugugor_sofaxazute_gureluf.pdf
- http://fedorahosted.org/lohit
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://cdn.shopify.com/s/files/1/0428/8882/2950/files/67663352308.pdf
- https://cdn.shopify.com/s/files/1/0433/9387/6118/files/ccloud_tv_guide_not_loading.pdf
- https://cdn.shopify.com/s/files/1/0266/7829/6756/files/milovomumeravujofela.pdf
- https://cdn.shopify.com/s/files/1/0433/5897/8207/files/poe_azurite_mine_guide_reddit.pdf
- http://scripts.sil.org/OFL
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| stream_005_off0000f0ad.bin | 375354088ccef5ac462e29e820ea3f5e64d96cbef1060cde2730f5c432ddd8ec | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xF0AD | 20852 bytes |
| font_00_sfnt_off0000dd2b.bin | a79e5c40f6ee62a2c6feffec8cf74442066ad614178a94532cae76589562b475 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDD2B | 5756 bytes |
| font_02_sfnt_off00011d89.bin | 47dd34bb6f863d7bd9ae3b74ed48499fc936154cd051bfb8e944f480e8371ac2 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11D89 | 10300 bytes |