Verdict: MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'ggtraff.ru'. This indicates the document's primary purpose is to lure the user to a potentially harmful external site. The ML classifier also strongly flagged this PDF as malicious, supporting the assessment of a phishing or malware distribution attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted URLs (channel in parentheses):
- https://ggtraff.ru/123?utm_term=intrinsic+fermi+energy+equation (In PDF document text)
- http://www.ascendercorp.com/ (In PDF document text)
- http://www.ascendercorp.com/typedesigners.html (In PDF document text)
- https://uploads.strikinglycdn.com/files/9edb59be-973e-4525-ab4f-84a1d378a253/jasoxilomujuravivutuvez.pdf (In PDF document text)
- https://static1.squarespace.com/static/5fc0ed4f1452f90b7fe57e24/t/5fc0f9d5e18c5c478e1ec76e/1606482389694/fire_emblem_gamecube_for_sale.pdf (In PDF document text)
- https://uploads.strikinglycdn.com/files/f6b147dc-468f-447f-80e6-48b14a467b00/79242663022.pdf (In PDF document text)
- https://uploads.strikinglycdn.com/files/7d1b858f-4e31-4e8c-b884-6a85f87eb27e/king_pellet_stove_5500m_manual.pdf (In PDF document text)
- https://uploads.strikinglycdn.com/files/10873e62-b889-4b3d-b75c-8c2105c361bc/33438133347.pdf (In PDF document text)
- https://uploads.strikinglycdn.com/files/a2539fec-7dbb-490e-a9f6-ff70a7728c65/roblox_twinkle_twinkle_little_star_piano_sheet.pdf (In PDF document text)
- https://uploads.strikinglycdn.com/files/57bc1dac-a532-4b3b-b56f-3c2c3b338eb4/wutekibagunu.pdf (In PDF document text)
- https://uploads.strikinglycdn.com/files/88390e57-9a09-4eae-898b-de536a32f41b/50197591565.pdf (In PDF document text)
- https://uploads.strikinglycdn.com/files/92e88150-7e9b-427d-9f0e-5c260e995a79/26282232922.pdf (In PDF document text)
- https://uploads.strikinglycdn.com/files/b75eebcc-fdc8-41b2-b976-270a459f2b9e/83564503573.pdf (In PDF document text)
- https://uploads.strikinglycdn.com/files/d9074b9b-3f45-44b5-858e-efe0f8d95a50/bdo_controller_guide.pdf (In PDF document text)
- https://uploads.strikinglycdn.com/files/0ac978cb-6ff9-413a-b5df-5306133c9f9b/81752996744.pdf (In PDF document text)
- https://uploads.strikinglycdn.com/files/30b9a6d3-246d-4b46-938f-689b144954c9/2018_suzuki_gsxr_600_manual.pdf (In PDF document text)
- https://uploads.strikinglycdn.com/files/1e96fbb3-5184-42e4-93c3-79feeab3551c/bavimiwegeji.pdf (In PDF document text)
- https://uploads.strikinglycdn.com/files/4bb3d673-38b4-4e29-aa10-6a5a531f6e2f/pexerejefuzazi.pdf (In PDF document text)
- https://uploads.strikinglycdn.com/files/6bc1b826-0272-47bb-a4a6-575db9ab98c9/zubivixuwatevuwuliripoxo.pdf (In PDF document text)
- https://static1.squarespace.com/static/5fc5181abe9b69395125e644/t/5fc947daeff5963d37c98952/1607026651947/tirazu.pdf (In PDF document text)
- http://www.w3.org/1999/02/22-rdf-syntax-ns# (In PDF document text)
- http://purl.org/dc/elements/1.1/ (In PDF document text)
- http://ns.adobe.com/pdf/1.3/ (In PDF document text)
- http://ns.adobe.com/xap/1.0/ (In PDF document text)
- http://ns.adobe.com/xap/1.0/mm/ (In PDF document text)
- http://ns.adobe.com/xap/1.0/rights/ (In PDF document text)
- http://scripts.sil.org/OFL (In PDF document text)
- http://dejavu.sourceforge.net (In PDF document text)
- http://dejavu.sourceforge.net/wiki/index.php/License (In PDF document text)
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000fd0c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFD0C | 5332 bytes | b471fb3131de41cf35be9dfe1f5fb8002a4555e85472534da91e27a4369bee7c |
| font_01_sfnt_off00010f1e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10F1E | 12056 bytes | 5c31e0ea54387ae57234e5ced17fd1b2736ca5e3af5d624f70c6a8ba93f90cb0 |
| font_02_sfnt_off0001387c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1387C | 16116 bytes | d53d347cea387c54c087b2cd85ea94373ed5f2f525a48ba1569850c62da8c160 |