MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains embedded links that redirect to known malicious infrastructure, specifically a URL themed around comments on a school report card. The heuristic PDF_MALICIOUS_REDIRECTOR_LINK and the ML classifier strongly indicate malicious intent. The presence of numerous external PDF links also suggests a link farm, potentially for SEO manipulation or distributing further malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL
- https://ttraff.cc/pify?keyword=comments+on+primary+school+report+card
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00008685.bin e0280c5c10fb94e59e1e51a97dcf2ae0f783976e9aab28581f7d2607f4545597 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8685 | 5320 bytes |
| font_01_sfnt_off0000986f.bin d505602f244c2a50870875e8c9b2e536948b8aa06d24e342ff36f76cf0734120 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x986F | 10088 bytes |