Verdict: MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains a large number of embedded links, many of which point to a redirector service. The document body, though heavily obfuscated, contains a URL that appears to be part of a lure related to a specific book title, likely to trick users into clicking the malicious link. The presence of a known malicious redirector and the sheer volume of outbound links strongly suggest a phishing or scam attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9990
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ggtraff.ru/strik?keyword=norton+anthology+american+literature+9th+edition+ebook (In PDF document text)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006557.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6557 | 5608 bytes |

SHA-256: 180d5732255c116f6d5aa07e77eb5fd152ac6d2588c82c827a5f903e810083bf