MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF file was flagged as malicious by an ML classifier and contains a link to a known malicious redirector. The document body, though heavily obfuscated, contains URLs that suggest a link farm or SEO manipulation tactic. The primary malicious indicator is the embedded URL leading to a redirector, likely intended to lead the user to a malicious site or download further malware.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=aashto+design+guide
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://static.usrfiles.com/ugd/07625c_55a51b9fd1234d419fd1c70abcf72e8d.pdf
- https://static.usrfiles.com/ugd/b910ae_5f7cf9a79bc34cdba51f2141db48937a.pdf
- https://static.usrfiles.com/ugd/41a0b6_09124c19c4d845dd881da7db900ad116.pdf
- https://static.usrfiles.com/ugd/b8c837_63aad2c1a8234b43a7d25d63c193b7e7.pdf
- https://static.usrfiles.com/ugd/ae15ca_26921c3ac58a4476bc540c4c0b4db41f.pdf
- https://static.usrfiles.com/ugd/cec570_90e6227f5db148a4bb02a33a19b7bca8.pdf
- https://static.usrfiles.com/ugd/3aee12_764eabbb4e6245d0b68fd25b2f288dd9.pdf
- https://static.usrfiles.com/ugd/b8c837_179fd8786ac64f2db5de0ab89a31cd27.pdf
- https://static.usrfiles.com/ugd/b8c837_ffee06910d8b4c089bd896cc3b6c75a7.pdf
- https://static.usrfiles.com/ugd/913720_2666eb88263a4a499b2b36c82e7076fb.pdf
- https://static.usrfiles.com/ugd/374ce0_6362d7beb75f49e29e275f159d5e644a.pdf
- https://static.usrfiles.com/ugd/c4ccc4_d70621e720694e719d312ecb6981fe9d.pdf
- https://static.usrfiles.com/ugd/09c3c7_ef591b85ecca40d08fbe26f4196e5cda.pdf
- https://static.usrfiles.com/ugd/19103d_93e1a3b1874b4165bc79b86268a54f33.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000716c.bin246a5190de30cacc2f907fc35434a67757ee478c486a753b51e53e542cf2f615 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x716C | 4948 bytes |
font_01_sfnt_off00008238.bina0faf4f44480842a16561c816a20d6655d9deb40bbb8cc97e656ce84757f19d4 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8238 | 10544 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.