MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF document contains a large number of embedded links, many of which point to potentially malicious redirector infrastructure. The document body, though heavily obfuscated, contains a URL that appears to be a lure for a game leveling guide. The presence of numerous links suggests an attempt to direct users to malicious sites for further exploitation.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=leveling+guide+dragon+nest
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://7a435176-2da7-4797-a73b-d45dbda8ac7d.filesusr.com/ugd/966478_4bc27ddba6d2426e81ccc2af0ef06a86.pdf?index=true
- https://8514f931-3940-49dc-ac62-88df3c7bdec3.filesusr.com/ugd/7ba596_e953f7ec70464a1b8a624dda7a77d90f.pdf?index=true
- https://85607eb3-8fbc-4e20-9e3e-5e3503457304.filesusr.com/ugd/9f06f8_1102ae0f9cb74afbbf3ef6ea8cf6a3ea.pdf?index=true
- https://cdn.shopify.com/s/files/1/0462/7208/6173/files/96033983414.pdf
- https://cdn.shopify.com/s/files/1/0430/0632/8995/files/yamnuska_climbing_guide.pdf
- https://01365aff-a253-4fbe-99c7-e2c1a4a2e56b.filesusr.com/ugd/665c20_13f4399c1bb748c5b73aabb24aa7fed4.pdf?index=true
- https://0fc65e2e-8c39-4664-8d0f-655e1b46df34.filesusr.com/ugd/7ff653_758bce1bdfb5449aa377a9b27d11aa0e.pdf?index=true
- https://94f9906f-a76f-4f65-85c4-049496cca471.filesusr.com/ugd/bdc04d_e021ca6df477483ead8ec4e1ec766c44.pdf?index=true
- https://cdn.shopify.com/s/files/1/0433/6163/2406/files/39845863702.pdf
- https://cdn.shopify.com/s/files/1/0462/4941/0714/files/36386357634.pdf
- https://cdn.shopify.com/s/files/1/0430/7946/7162/files/xbox_one_guide_button_steam_big_picture.pdf
- https://cdn.shopify.com/s/files/1/0440/8557/5832/files/gusuneberupajevav.pdf
- https://cdn.shopify.com/s/files/1/0428/5346/6271/files/25084038573.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000637a.binb06dc6da066d0ba016c0b65430344d5a40af200dde3b9f7c4c11917f669ee3e9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x637A | 4992 bytes |
font_01_sfnt_off0000748c.bin0ac42f0aa562d801b2d2bbc269f52d0c7cc4052543caf76cd0b0f2d70b19e8b7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x748C | 10464 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.