MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains numerous embedded links, many of which point to a link farm designed to manipulate search engine rankings. One prominent link directs to a known malicious redirector, suggesting an attempt to lead users to malicious content. The document body, though heavily obfuscated, contains text related to a service manual and the malicious URL, reinforcing the lure.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=hp+designjet+t790+eprinter+series+service+manual
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://static.usrfiles.com/ugd/36f25b_cb6f94f43db64f5fa0b6ea0caf67809d.pdf
- https://static.usrfiles.com/ugd/eda9ba_5f557f57c6684f7285f0c044cda009d8.pdf
- https://static.usrfiles.com/ugd/fac845_62309c25bd494af4b9a8e6cbccc62510.pdf
- https://static.usrfiles.com/ugd/b8c837_e5acf02223be4a95828d47b5ada9c786.pdf
- https://static.usrfiles.com/ugd/fbccce_a052c48ba9394b3da8b3e2edbb4b198c.pdf
- https://static.usrfiles.com/ugd/76b6de_d56cf193eaab499bb1ca42abe8aeca7b.pdf
- https://cdn.shopify.com/s/files/1/0431/1361/1413/files/poxoputevovoxikobifoni.pdf
- https://cdn.shopify.com/s/files/1/0431/5847/0810/files/comptia_network_study_guide_fourth_edition.pdf
- https://cdn.shopify.com/s/files/1/0431/5398/1594/files/84902618963.pdf
- https://cdn.shopify.com/s/files/1/0430/7710/7865/files/cost_and_management_accounting_questions_and_answers.pdf
- https://cdn.shopify.com/s/files/1/0430/5240/0789/files/dugojadojigupakum.pdf
- https://cdn.shopify.com/s/files/1/0437/0500/8293/files/97106525479.pdf
- https://cdn.shopify.com/s/files/1/0438/4112/6565/files/datupurukezevufagaxu.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007dfb.binecd26c33926ee7c77567eac320b533575fe1ff59617c915f04e726bbad1f411a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7DFB | 5868 bytes |
font_01_sfnt_off000091ea.bin0fb6b40c41a56e8ff1bd9e5905c82f2b03687650e9d4f2bdd7fc07218db6c6c8 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x91EA | 14924 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.