Verdict: MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF file contains numerous embedded links, with one specifically identified as a known malicious redirector. The document body, though heavily obfuscated, contains text that appears to be a lure for a game guide, directing users to the malicious URL. The presence of a link farm and the ML classifier's high confidence score indicate a malicious intent to redirect users to potentially harmful content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics (4)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.club/wix?keyword=fallout+3+wanderers+edition+guide
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000ab01.bin | 86d1af6a07c2ac2ee34caebda5547512f067b60cc1c890e68502a2be21de0b5c | pdf-font-stream | PDF embedded font (sfnt) at offset 0xAB01 | 5204 bytes |
| font_01_sfnt_off0000bcd8.bin | 25a0fcf325b709ff5021e870312cd6056c214feb884d6ed8a3380bea3878c0cc | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBCD8 | 11756 bytes |