MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'https://cctraff.ru/aws?utm_term=artificial+intelligence+pdf+textbook'. This URL is likely used to lure victims into downloading further malware or submitting sensitive information. The ML classifier also strongly flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://cctraff.ru/aws?utm_term=artificial+intelligence+pdf+textbook
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000d00f.bin f66ec4c83e2c42e422f992c4492b92a78268f62d2dc29ad5b82956ef1260d978 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD00F | 5404 bytes |
| font_01_sfnt_off0000e285.bin b9d3deb314f43707295e185e8d80bf247964dfaaf8c3d96bba9d8915195d234c | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE285 | 10632 bytes |