MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF document contains a large number of embedded links, many of which point to external PDF files hosted on various platforms. The primary malicious link, https://cctraff.ru/aws?keyword=haz+llover+letra+let+it+rain, is identified as a known malicious redirector. The document's structure and the sheer volume of links suggest an attempt to manipulate search engine results or to lead users to potentially harmful content through a link farm.
Machine Learning
- Nyx PDF Classifier malicious score 0.9986
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://cctraff.ru/aws?keyword=haz+llover+letra+let+it+rain
- https://wavuvavezexa.weebly.com/uploads/1/3/0/7/130775629/bozomodilumisawatinu.pdf
- https://vodipewelo.weebly.com/uploads/1/3/1/6/131637384/kopurelu.pdf
- https://xubuvene.weebly.com/uploads/1/3/1/3/131380433/xekisib_ludosuda.pdf
- https://zisokilusativ.weebly.com/uploads/1/3/2/3/132303079/velezesepiwunoxefe.pdf
- https://jugefisofewutep.weebly.com/uploads/1/3/4/3/134368120/4b83e7a72f0a.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/69e6c5a7-05ca-41a9-8875-5d42b614aa29/84212701775.pdf
- https://uploads.strikinglycdn.com/files/1cfcdb85-b0ce-40f8-bdf2-eb8c2548f3a3/22385522375.pdf
- https://s3.amazonaws.com/susopuzupure/baxumojevin.pdf
- https://s3.amazonaws.com/kavitokolezub/88937134227.pdf
- https://s3.amazonaws.com/pisedij/amaranthus_caudatus.pdf
- https://s3.amazonaws.com/rubidokezive/gta_san_andreas_cheat_codes_for_pc_file.pdf
- https://uploads.strikinglycdn.com/files/e011afdf-bd00-42f8-9c6c-3349ec2b34fe/fractal_antenna_diy.pdf
- https://uploads.strikinglycdn.com/files/f421f17f-1749-478b-98ef-4c16a9715aa5/honeywell_hy_048bp_manual.pdf
- https://s3.amazonaws.com/xanebavifamopez/93591253281.pdf
- https://uploads.strikinglycdn.com/files/93432af4-9131-4bb5-8ce5-9d64f9b3a765/connector_cross_reference_guide.pdf
- https://s3.amazonaws.com/bakoloj/92188053715.pdf
- https://s3.amazonaws.com/tujeviwakirawu/90579933940.pdf
- https://s3.amazonaws.com/jozetej/bajaj_allianz_life_insurance.pdf
- https://uploads.strikinglycdn.com/files/eb6bd815-acaa-4147-ad52-a4f85e149659/jelulegiza.pdf
- https://uploads.strikinglycdn.com/files/4ca36d24-dbb2-4b50-a042-48e2750649e8/rojadejaridogenunoturuxo.pdf
- https://uploads.strikinglycdn.com/files/adb8133c-b600-4e9f-bf75-c2b4b1cee156/mercury_black_max_200_manual.pdf
- http://scripts.sil.org/OFL
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000532e.bin1f91cba63daf46a5167e87c8b689d764db13ccbe5a7ba006685ecd19157b0653 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x532E | 4572 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.