MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a critical heuristic firing for linking to a known malicious redirector, specifically 'https://ttraff.cc/123?keyword=campylobacter+jejuni+y+guillain+barre+pdf'. The document body, though heavily obfuscated, appears to contain this URL, suggesting an attempt to trick users into visiting a malicious site. The presence of numerous other PDF links further supports a link farm or phishing attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/123?keyword=campylobacter+jejuni+y+guillain+barre+pdf In PDF document text
- https://cdn-cms.f-static.net/uploads/4365549/normal_5f899f80edb3f.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4374704/normal_5f88fdb5ae341.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4368731/normal_5f89098ba5549.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4367903/normal_5f87f0beab3c6.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4372707/normal_5f8951f45f852.pdfIn PDF document text
- https://fupexorugukemig.weebly.com/uploads/1/3/0/8/130814763/fusegoj-xekawate-sumuxal-jerosedof.pdfIn PDF document text
- https://vekejuritikoj.weebly.com/uploads/1/3/1/8/131857631/9460805.pdfIn PDF document text
- https://walijogopabo.weebly.com/uploads/1/3/0/7/130776167/b4e6966cf639ec.pdfIn PDF document text
- https://xawuwotogot.weebly.com/uploads/1/3/2/6/132695388/1bc6ca0f8c.pdfIn PDF document text
- http://repositorio.pediatria.gob.mx:8180In PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- http://www.daltonmaag.com/In PDF document text
- https://cdn.shopify.com/s/files/1/0268/7621/5482/files/tonaxixikaxinagavibomanam.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0484/0040/0544/files/cladogram_practice_2_worksheet_answers.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0481/2957/3031/files/pl_sql_tutorialspoint.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0485/0614/2882/files/ryobi_drill_settings_1_and_2.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0435/4506/7684/files/mortal_kombat_vs_street_fighter_sales.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/b823c2b9-06ec-45a7-b71a-54fd30c6502d/96464447210.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/8775a7cd-97a1-4eab-9a29-5e3aaaa40ff8/dunaf.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0501/7442/7296/files/echs_online_application_instructions.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0504/4125/7110/files/wavepad_master_edition_apk_latest.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0435/4028/3541/files/65195785954.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0502/7853/1255/files/jemupuvejibomutuwed.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0435/4224/9621/files/lego_pharaohs_quest_sets.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/d5a3f307-c258-4f93-bf1a-6aac7b7d5bba/ludadibiw.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/100aefbf-8d4f-4ccf-a8d7-500af5ea19e3/kelomiforudur.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/599be92c-8d3b-495a-b0aa-45ffb2f1cd40/38270857278.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/67ac093d-3b27-45a6-9aac-0f6ebe0800bc/vejujebomisirafole.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ecf7.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xECF7 | 5520 bytes |
SHA-256: 6cf7d916d5baea29ef69119c0208a4e7b31fe36b6219c875e04fc51ef6313ad7 |
|||
font_01_sfnt_off0000ffb3.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFFB3 | 10552 bytes |
SHA-256: 23b5f9d26f300b3dfb139be2551e49be2d710ecf269eaf31c8ec98bdfa761aca |
|||
font_02_sfnt_off000123ac.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x123AC | 4324 bytes |
SHA-256: 4fcfa7c68d76e23b667942a3ac892d2d5d88346478daafc61479ad4df4af3dd3 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.