MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains embedded links that redirect to a known malicious domain, identified by the PDF_MALICIOUS_REDIRECTOR_LINK heuristic. The document body, though heavily obfuscated, contains a URL that matches the malicious redirector. This suggests the PDF is designed to trick users into visiting a malicious site, likely for further exploitation or phishing.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ggtraff.ru/123?keyword=ariston+aristella+dishwasher+manual
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000b5d5.bin b95eaa9c9245be4ac1eb91d077cc40a1f0b69fa72548b8cc984a6bc34e55de09 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB5D5 | 5148 bytes |