MALICIOUS
Risk Score: 114
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF file contains heuristics indicating it's a lure for free downloads and uses an SEO redirector. The document body, though heavily obfuscated, contains a URL that points to a malicious domain. This suggests the file is designed to trick users into visiting a site that likely hosts phishing content or downloads a secondary payload.
Machine Learning
- Nyx PDF Classifier malicious score 0.9982
Heuristics 4
- Image lure linking to an SEO redirector (free-download phishing) [high, PDF_SEO_UTM_REDIRECTOR_LINK]: PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- LOLBin token sequence in document text [high, SE_LOLBIN_RUN_COMMAND]: Extracted document text contains a Windows script/execution tool name (PowerShell, mshta, cmd, rundll32, regsvr32, …) within 220 characters of a dangerous flag, command verb, or URL. This is a visible 'run this' instruction in HTML/PDF/RTF lure bodies, or — in macro-laden Office files — the macro's own string-pool entries appearing adjacent in extracted text.
- External URI [info, PDF_URI]: PDF contains an external URL action
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://traffnew.ru/aws?keyword=worlds+impossible+quiz+2 (PDF link annotation)