MALICIOUS
62
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF document contains a shortened URL, which is a common tactic for delivering malicious payloads or redirecting users to phishing sites. The PDF_URL_SHORTENER_URI heuristic confirms the use of a URL shortener, and the PDF_ACTION_PARSER_EVASION heuristic indicates the document employs techniques to evade detection. While no scripts were explicitly extracted, the presence of a shortened URL and evasion techniques suggests a malicious intent to redirect the user.
Machine Learning
- Nyx PDF Classifier clean score 0.0243
Heuristics 3
-
Clickable PDF combines external action with parser-evasion structure high PDF_ACTION_PARSER_EVASIONPDF has an external clickable URI together with object graph or xref structures that make parsers disagree, such as divergent duplicate objects, parser divergence, or xref offset mismatch. That combination is stronger than a plain link: the document is both an outward-action carrier and a parser-confusion/evasion sample.
-
Clickable URI uses URL shortener medium PDF_URL_SHORTENER_URIPDF contains a clickable HTTP(S) action whose destination is a URL shortener. This hides the final landing page from static review and is common in phishing redirect PDFs.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.radpdf.com
- http://www.radpdf.com)/Creator(RAD
- http://www.dynaforms.com
- http://bit.ly/2HoRgPO?BOTAO
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
Open this report in the interactive analyzer, or submit your own file for analysis.