MALICIOUS
Risk Score: 184
Machine Learning
- Nyx PDF Classifier malicious score: 1.0000
Heuristics (5)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL
- https://cctraff.ru/123?keyword=download+hotspot+shield+apk+2020 In PDF document text
Extracted artifacts (4)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00006e93.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6E93 | 1728 bytes | ea5f39a4ceba791772aa2f4814517dd5722aeea733a01686da649f7090e18245 |
| font_01_sfnt_off000076af.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x76AF | 5380 bytes | 93166bf3aa1566ccce67f9477966215d8951022f29a865da3bba6e64f1be4f94 |
| font_02_sfnt_off0000890c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x890C | 11992 bytes | 934223996b2c06609ca30e0de009107b928b972a8e36052b53e5076e2ac7a986 |
| font_03_sfnt_off0000b1bd.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB1BD | 16272 bytes | 58a3b6dbd48e6649dc00aba05cc4bb117c41d2cc7935301404fb466d1683dab3 |