MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
The PDF was flagged for containing a large number of external links, indicating a potential link farm or redirection to malicious sites. One of the embedded URLs, 'https://cctraff.ru/strik?utm_term=no+fear+shakespeare+a+midsummer+night%2527s+dream+act+2+scene+1', is identified as a known malicious redirector. The ML classifier also flagged the PDF as malicious with a high probability.
Machine Learning
- Nyx PDF Classifier malicious score 0.8067
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://cctraff.ru/strik?utm_term=no+fear+shakespeare+a+midsummer+night%2527s+dream+act+2+scene+1 (In PDF document text)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000d3e7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD3E7 | 5788 bytes |

SHA-256: 8acd181d6dd4ba055c4b0dbce068b3fd190efbda56f0a9712f7fbfc118b3557e