MALICIOUS
254
Risk Score
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 6
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Image lure linking to an SEO redirector (free-download phishing) high PDF_SEO_UTM_REDIRECTOR_LINKPDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://cctraff.ru/wb?keyword=zombie%20derby%201%20hacked In PDF document text
- https://cdn-cms.f-static.net/uploads/4424024/normal_5fdb99d0b5bf7.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4411923/normal_5fb5b9068e67f.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4481271/normal_5fe0e33e985f1.pdfIn PDF document text
- https://venakadu.weebly.com/uploads/1/3/4/7/134729608/5078609.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4370051/normal_5fb0358912c80.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/53747948-d1b6-46b9-89b6-e7c85bc8e06c/carbonated_soft_drinks_uk_market_share.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/1972dfce-0732-428e-a039-f1f50c639bcc/kamp_rite_double_tent_cot_uk.pdfIn PDF document text
- https://s3.amazonaws.com/felasorarabipis/80308898373.pdfIn PDF document text
- https://s3.amazonaws.com/lezopobigeza/najipusinagij.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/ce5473c1-94bf-4893-9045-ed96a97046dc/310mm_to_inches.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/de0c36d8-2bd6-4feb-ab4b-73720f6f4bfb/brica_seat_guardian_review.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/bac4dde8-7bc2-4aa1-a424-58b3a7ef18ed/rust_mother_s_day.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/7d9b9aab-5c7d-49d1-931c-1ad28f587cab/condensed_electron_configuration_for_br.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/0a040298-f248-49d9-a1ff-8cb53a28dbb0/computers_and_intractability_a_guide.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/d0a5fa08-3205-4cfe-aa61-f0a21bda83fe/gentleman_mp3_songs_free_download_at.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000da07.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDA07 | 5284 bytes |
SHA-256: 655d213e648822d0079002e33cea48c0c5881a95871b9725fd1f38568b310797 |
|||
font_01_sfnt_off0000ebe4.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEBE4 | 14700 bytes |
SHA-256: 53c1c4886bbdf3690fceddb134409294bbe2e59a3a9a50b66bd754890abac50f |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.