MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF file contains numerous links, including one pointing to a known malicious redirector. The ML classifier also strongly indicated maliciousness. The document appears to be a link farm designed to drive traffic to potentially harmful sites, masquerading as content related to 'world war 2 map activity'. No scripts were extracted, but the embedded links are the primary indicators of malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=world+war+2+map+activity+pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://cdn.shopify.com/s/files/1/0432/4474/8950/files/panaw.pdf
- https://cdn.shopify.com/s/files/1/0429/7572/3673/files/how_do_i_update_chrome.pdf
- https://cdn.shopify.com/s/files/1/0433/9236/8798/files/admixtures_types.pdf
- https://cdn.shopify.com/s/files/1/0462/2155/7914/files/48066297153.pdf
- https://static.usrfiles.com/ugd/63d3ad_b757a232c87d40d1878f896d2e70958f.pdf
- https://static.usrfiles.com/ugd/b5472a_f2130a52e8db42cea49395eb9a4cd1b2.pdf
- https://static.usrfiles.com/ugd/67f5f7_5a8c261379b349c1ac4d7d2cec988231.pdf
- https://static.usrfiles.com/ugd/e02969_1a9ec1b0f527480f96dbefa3ff18c05d.pdf
- https://static.usrfiles.com/ugd/9374a7_ea55e42a6dab44fca32d6e7181ad6484.pdf
- https://static.usrfiles.com/ugd/b8c837_d2cebcae217b434ea6de0aeef9b1e0b3.pdf
- https://static.usrfiles.com/ugd/98857b_dee327424c5e4713b3acdde4fbe9c5e9.pdf
- https://static.usrfiles.com/ugd/80bfa9_c96b49939be64b71b55a293eba269e60.pdf
- https://static.usrfiles.com/ugd/5b9365_6777fb72b42a4c53b3795fa990c42d20.pdf
- https://static.usrfiles.com/ugd/2486b5_68bd5765f5b84dc583f2340ecde599b4.pdf
- https://static.usrfiles.com/ugd/c20ea7_c63abf068e5f463087e97126d3671dd3.pdf
- https://static.usrfiles.com/ugd/c836c3_1c26b66eed0e4f4a8ce360daad2512ba.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000c467.bin50a9089ea4f623ea76bcafcb928abb78d56612023aa1231f53e3c89910e0c644 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC467 | 5524 bytes |
font_01_sfnt_off0000d743.bin4be5885514f9868bd5fbaf40f056bcb48b1f24cbfa52b9c26140a51cbaad4213 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD743 | 10240 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.