MALICIOUS
Risk Score: 212
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
T1059.007 JavaScript
This PDF file was flagged by multiple heuristics as malicious, including a critical finding for linking to known malicious redirector infrastructure. The file contains a large number of embedded URLs, many of which point to external PDF files, suggesting a link farm or SEO poisoning attempt. While no scripts were explicitly extracted, the presence of embedded URLs and the ClamAV detection indicate a phishing or trojan distribution attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.8793
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000d9e7.bin 9a07f628ac302351b8390798b2e05be2dff5778afbd7bea7434089aa10248c8c | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD9E7 | 5172 bytes |