MALICIOUS
94
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a link to a known malicious redirector, 'https://gettraff.ru/aws?keyword=haier+mini+fridge+manual+2.7', disguised as a product manual. The ML classifier also strongly flagged this PDF as malicious. The presence of embedded URLs and the overall structure suggest a phishing or redirection attempt to a malicious site.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://gettraff.ru/aws?keyword=haier+mini+fridge+manual+2.7 In PDF document text
- https://pitimonajavigo.weebly.com/uploads/1/3/1/3/131383860/pejaramo.pdfIn PDF document text
- https://vezorobabuwej.weebly.com/uploads/1/3/0/9/130969079/xawiwew.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4367301/normal_5f8fdb288bac8.pdfIn PDF document text
- https://jeponiruwapin.weebly.com/uploads/1/3/0/7/130776483/pugavurepisuxo.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4387807/normal_5f8e976b3ca2c.pdfIn PDF document text
- https://buluzuzumaz.weebly.com/uploads/1/3/1/6/131636727/7878292.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4414335/normal_5f94bd19440f3.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://s3.amazonaws.com/subud/acuerdo_286_ceneval.pdfIn PDF document text
- https://s3.amazonaws.com/sinamozagemoger/juwonegam.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/cc76ce9a-8572-4436-87da-59c1b16e05ee/4440523357.pdfIn PDF document text
- https://s3.amazonaws.com/pesetufavo/tibofanozuturomozupegesid.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/23deb24b-9056-48c8-a82a-f305c08650e3/12353455762.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006f42.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6F42 | 5256 bytes |
SHA-256: 1380848e268c9c47243a727262b0c597a1b1812435095c99b4bc0612450bd776 |
|||
font_01_sfnt_off00008119.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8119 | 10744 bytes |
SHA-256: 0500e517e6de2aa4c52d1a0cd6377803e06757053e26a37ed27b6e348167653c |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.