MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'https://gettraff.ru/strik?utm_term=river+of+fire+kennewick+2020'. The ML classifier also flagged this PDF with a high probability of being malicious. While no scripts were extracted, the presence of a malicious URL strongly suggests an attempt to lure the user to a compromised site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://gettraff.ru/strik?utm_term=river+of+fire+kennewick+2020
- https://static.s123-cdn-static.com/uploads/4489241/normal_5fc5667f38b35.pdf
- https://cdn-cms.f-static.net/uploads/4369638/normal_5fd3c6fe00ae7.pdf
- https://cdn-cms.f-static.net/uploads/4389601/normal_5fbb8e404184b.pdf
- https://static.s123-cdn-static.com/uploads/4504922/normal_5fc86f0433f57.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://s3.amazonaws.com/tesodagiwor/64848615854.pdf
- https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbf48c8bc819f1cf4ce9ef9/1606371530792/77801779176.pdf
- https://uploads.strikinglycdn.com/files/c1200acc-5611-49f9-b76c-aaa8c022c8ef/onyx_245_charger_manual.pdf
- https://s3.amazonaws.com/gezetega/gofokufa.pdf
- https://uploads.strikinglycdn.com/files/493660ce-6262-4e09-ab67-56919bfe5cf9/14760479838.pdf
- https://s3.amazonaws.com/fedojigudaj/codashop_pro_mobile_legends.pdf
- https://s3.amazonaws.com/sikuva/96863553623.pdf
- https://uploads.strikinglycdn.com/files/db87c366-5a45-415b-b4c6-33ce3d6845b0/18269112218.pdf
- https://s3.amazonaws.com/xubifupi/tepagiriwadugoxuvu.pdf
- https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbf64e17acac6192ab8f90f/1606378722500/68615736490.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ab38.bin71dfcedddd6dca67c5a4363feccf7167d3ae972506d392ed06afc8b65f639172 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xAB38 | 2868 bytes |
font_01_sfnt_off0000b569.bin3a01b6196da97eaae5c00774dfd54f4a09bea1b0b19ce3a3464331a396dbd94d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB569 | 4952 bytes |
font_02_sfnt_off0000c67c.bine6081361a8ea06be104c84a98976e7e4f9a006277831d5709726788c3cf39144 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC67C | 11748 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.