Verdict: MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains a mass of external links, including a critical link to a known malicious redirector at `https://gettraff.ru/strik?keyword=cimatron+e13+full+crack`. The document body and heuristics indicate a lure related to software cracks, likely intended to drive traffic to malicious infrastructure. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 0.9987
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://gettraff.ru/strik?keyword=cimatron+e13+full+crack (in PDF document text)
  - https://site-1037054.mozfiles.com/files/1037054/4383287107.pdf (in PDF document text)
  - https://site-1039963.mozfiles.com/files/1039963/44028334035.pdf (in PDF document text)
  - https://site-1037203.mozfiles.com/files/1037203/limifevij.pdf (in PDF document text)
  - https://site-1036803.mozfiles.com/files/1036803/36996941137.pdf (in PDF document text)
  - https://site-1036678.mozfiles.com/files/1036678/kirenaxanoxovukipeva.pdf (in PDF document text)
  - http://www.ascendercorp.com/ (in PDF document text)
  - http://www.ascendercorp.com/typedesigners.html (in PDF document text)
  - http://www.daltonmaag.com/ (in PDF document text)
  - https://cdn.shopify.com/s/files/1/0482/7611/1524/files/witchery_1.7_10.pdf (in PDF document text)
  - https://cdn.shopify.com/s/files/1/0434/1396/2908/files/joxapa.pdf (in PDF document text)
  - https://cdn.shopify.com/s/files/1/0439/1026/7035/files/vavaluxajeb.pdf (in PDF document text)
  - https://cdn.shopify.com/s/files/1/0434/0937/5383/files/36020723565.pdf (in PDF document text)
  - https://cdn.shopify.com/s/files/1/0432/3311/6317/files/jabalose.pdf (in PDF document text)
  - https://cdn.shopify.com/s/files/1/0484/6845/9681/files/best_order_to_watch_fate_series_reddit.pdf (in PDF document text)
  - http://scripts.sil.org/OFL (in PDF document text)
Extracted artifacts (4)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00005c25.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5C25 | 2868 bytes | 2bdac973bc0490bc1befd293a50a0a9c8580b5305222c27c7d400a5d80116e35 |
| font_01_sfnt_off00006655.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6655 | 5036 bytes | be93262f405cd2671b2d7f0f96339872b95fb5fd8d180f70266ce93bb0e21287 |
| font_02_sfnt_off0000776b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x776B | 10880 bytes | 3b0ad05bb62d786b9d90f5a2c26c1e0482177fa06320e2d09980a8879a644707 |
| font_03_sfnt_off00009c8a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9C8A | 4324 bytes | 0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333 |