MALICIOUS
Risk Score: 174
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains a link to a known malicious redirector, identified by the heuristic PDF_MALICIOUS_REDIRECTOR_LINK. The document also impersonates a cloud file-sharing service, suggesting a phishing lure. While no scripts were explicitly extracted, the ML classifier and ClamAV detection strongly indicate malicious intent, likely to redirect the user to a phishing or malware distribution site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Cloud document impersonation lure (medium, SE_CLOUD_DOC_LURE): Document impersonates a cloud file-sharing service such as SharePoint, OneDrive, Google Drive, Dropbox, Box, or Microsoft 365 and asks the user to open, verify, or access a shared document.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Every extracted URL was labelled "In PDF document text".
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000ec0e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEC0E | 5048 bytes | 46acfbf62bb19c2809f9f0321ebe1777601088b45d0e20727b12c8141b8f6c7c |
| font_01_sfnt_off0000fd26.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFD26 | 10816 bytes | 96837f24db8bd303d72271844b833be7ee7bd283cb4307020028ad24f3760282 |