MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains embedded links, with one identified as a malicious redirector. The ML classifier strongly flagged this PDF as malicious. The presence of numerous external PDF links suggests a link farm or redirection attempt, likely to lure users to malicious content or phishing sites.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/pify?keyword=template+polaroid+png
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://static.usrfiles.com/ugd/d216cb_6dfceecdd5e74baabd9fac7e8fce3353.pdf
- https://static.usrfiles.com/ugd/d5415a_3b390feb0f6f4e6094f942cb1ef986d3.pdf
- https://static.usrfiles.com/ugd/b8bbd7_049d6469d66f4e0d993fa129dfaef42f.pdf
- https://static.usrfiles.com/ugd/de60da_431c202a87ea4be5bf103d124fe79ef0.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/1587610690.pdf
- https://static.usrfiles.com/ugd/77d535_ff3db8df2af94732a3a07b9a4ab90b4c.pdf
- https://static.usrfiles.com/ugd/9cfd0a_86ace6fb2fc8448682054a535fdacca1.pdf
- https://static.usrfiles.com/ugd/b8c837_375a05807ce04b289c25bb17c0fdcfbd.pdf
- https://static.usrfiles.com/ugd/d162e3_e542a190e03b4854b52a187c651378b9.pdf
- https://static.usrfiles.com/ugd/b8c837_3b2ba8aee31646b8bd12746a95db0613.pdf
- https://static.usrfiles.com/ugd/9421c8_cde2b89f7c6d4c429e32ed5981197452.pdf
- https://static.usrfiles.com/ugd/7f16bd_8d485a606b7541ea83ff2bc2b4f538df.pdf
- https://static.usrfiles.com/ugd/162fe6_65bb60385ef9412c955f5fcec62bc8bf.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00004ec6.bin2c6d1ff1aae5338fc50cd7da99c0b37f20bf5e9e23dbdedc514ff1ae397ad871 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x4EC6 | 5048 bytes |
font_01_sfnt_off00005fd7.bin5e5028db5f34a9a0434a0fa33d7c087a0e2645f0745d32089bc530dcbff3cefd |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5FD7 | 9936 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.