MALICIOUS
Risk Score: 134
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Image lure linking to an SEO redirector (free-download phishing) (high, PDF_SEO_UTM_REDIRECTOR_LINK): PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://cctraff.ru/123?keyword=can%2527t+open+google+website (in PDF document text)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000708f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x708F | 5060 bytes | ff865e57937245a63f46aa998be81ec66e622c67ab8b93cb1c0220d5b25a2c56 |
| font_01_sfnt_off000081f1.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x81F1 | 10360 bytes | b58388a4f94dc75ebac26babc3092023046fc68e3e293bc421d15598ba5f41b2 |