MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains embedded URLs that point to a redirector service, which is flagged as malicious. The document body, though heavily obfuscated, contains text related to a 'business analyst resume pdf' and the malicious URL itself. This suggests a phishing or redirection attempt, likely to lead the user to further malicious content or downloads.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=business+analyst+resume+pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://static.usrfiles.com/ugd/a91264_250380e134444c288b1ceed4a672d7bc.pdf
- https://static.usrfiles.com/ugd/5b604d_a0dbd2acfd254becbb9d9376d528bfc9.pdf
- https://static.usrfiles.com/ugd/79e0dc_1de74150fae544a6b737ca965750ca8f.pdf
- https://static.usrfiles.com/ugd/f80014_33a9924501224e47b3af75704cbe86e4.pdf
- https://static.usrfiles.com/ugd/ae15ca_e37a57734ea64a5199927eec8f57f247.pdf
- https://static.usrfiles.com/ugd/b8c837_32d97ab57f0a47c9ab6851cf43d13cac.pdf
- https://static.usrfiles.com/ugd/e2c250_bb2d9dbbe72f4238844c2e6620857fe2.pdf
- https://static.usrfiles.com/ugd/b8c837_b89788869c5943fcbffa2295ffcc492d.pdf
- https://static.usrfiles.com/ugd/d01287_e63cbc8e19d5487b9c2c2a6dbd387a0e.pdf
- https://static.usrfiles.com/ugd/b8c837_1194370f7fe24c9aae7dbc812492f2fd.pdf
- https://static.usrfiles.com/ugd/b8c837_ca669c5e18164dc7b1772e1030984331.pdf
- https://static.usrfiles.com/ugd/b8c837_0914cf91d1d74eb097ffca1d1712fcdc.pdf
- https://static.usrfiles.com/ugd/b48b60_4c8bb92bba484b87bc1d4b264819b3a7.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00009f6b.bind59dc9d2892346b9e7ab0c53d0188993143895f15dba8c10a02f3bfad5da4e78 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9F6B | 5336 bytes |
font_01_sfnt_off0000b188.bin4ea2fff416817c01fdccf409f7dad32db273116db6f2243ffd0938a655878099 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB188 | 10492 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.