MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document contains a link to a known malicious redirector, suggesting it's part of a phishing or scam campaign. The document body and embedded links point towards a lure related to 'Plague Inc hacked apk pc', aiming to trick users into visiting malicious sites. The presence of numerous external PDF links further indicates a link farm strategy to distribute malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=plague+inc+hacked+apk+pc
- http://banosabuz.nicolenaro.org/uploads/1/3/2/8/132814930/8627702.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://cdn.shopify.com/s/files/1/0434/1540/4711/files/techos_verdes_tesis.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/xogasetixudaxaw.pdf
- https://cdn.shopify.com/s/files/1/0438/4915/4720/files/air_force_y_group_previous_papers.pdf
- https://cdn.shopify.com/s/files/1/0429/7143/1065/files/wipurezanewafegatu.pdf
- https://cdn.shopify.com/s/files/1/0432/1142/3902/files/arraylist_set_method.pdf
- https://cdn.shopify.com/s/files/1/0438/0357/4432/files/39141708267.pdf
- https://cdn.shopify.com/s/files/1/0437/1664/0919/files/73633990917.pdf
- https://cdn.shopify.com/s/files/1/0428/7240/6179/files/71945616995.pdf
- https://cdn.shopify.com/s/files/1/0440/4389/4934/files/44945453874.pdf
- https://cdn.shopify.com/s/files/1/0431/4529/8080/files/30636608359.pdf
- https://cdn.shopify.com/s/files/1/0435/8737/1171/files/setikunemigirelanol.pdf
- https://cdn.shopify.com/s/files/1/0450/1517/1236/files/bridge_to_terabithia_final_test.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005f6b.bin1305a03ac18b51af314d27b73843f7281c27e02bc8c0f06b160bae23113837aa |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5F6B | 5128 bytes |
font_01_sfnt_off000070cf.bin921bb46186f83502f4d8e96d214c5aa3e5c4aa1584a0a91037e3fc0cd09315ae |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x70CF | 12732 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.