MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
This PDF document contains numerous embedded links, with one specifically pointing to a known malicious redirector. The document body, though heavily obfuscated, contains the URL that leads to the redirector, suggesting a phishing or malware distribution attempt. The presence of a link farm further indicates malicious intent to distribute or obscure malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=simplifying+radicals+worksheet+answers+geometry
- https://cdn.shopify.com/s/files/1/0433/5134/3269/files/nebawirapelatejodovumigep.pdf
- https://cdn.shopify.com/s/files/1/0431/0787/7017/files/android_update_for_samsung_s9_plus.pdf
- https://cdn.shopify.com/s/files/1/0467/9958/5429/files/film_chair_de_poule_2_streaming_vf.pdf
- https://cdn.shopify.com/s/files/1/0428/2764/5084/files/dawaje.pdf
- https://cdn.shopify.com/s/files/1/0434/3640/8982/files/55105082879.pdf
- https://static.usrfiles.com/ugd/c33cdb_2e555e24a3c3431191f9fe3bdbec8d0e.pdf
- https://static.usrfiles.com/ugd/3ceeb9_436d206cf3984f4ca148564e28bf05ec.pdf
- https://static.usrfiles.com/ugd/2c8d66_4779b85a59fb443e91968003d67108ff.pdf
- https://cdn.shopify.com/s/files/1/0441/0625/2440/files/fojopababozawuvizabelod.pdf
- https://cdn.shopify.com/s/files/1/0428/3033/2060/files/gasifikasi_biomassa.pdf
- https://static.usrfiles.com/ugd/b98abb_2d969f0f8b4c48948ec1b6b171783077.pdf
- https://static.usrfiles.com/ugd/1f6d71_1abb14eb4c0141a59f5896c05ea80924.pdf
- https://static.usrfiles.com/ugd/b8c837_fb53133584154903b1f367876c521722.pdf
- https://static.usrfiles.com/ugd/f09a9d_c3d4a552ca2e4240bf7875b7792b99a1.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005c1b.bin607a3d82fa64014bb88e4817484600b70e7588bfeb5a0d1bb6bf834ba4eb9ab3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5C1B | 5932 bytes |
font_01_sfnt_off0000703f.bin157874a69c5094c851b19e7bba671a6d88bbdbca8be44210fbbe0fb5c37ee693 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x703F | 10232 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.