MALICIOUS
194
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains heuristics indicating it is a malicious redirector, specifically designed to lure users with a seemingly innocuous document title. The primary malicious indicator is the embedded URL that leads to a known malicious domain, likely for phishing or to serve a secondary payload. No scripts were extracted, but the PDF structure and embedded links strongly suggest a phishing or malware distribution attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9989
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Image lure linking to an SEO redirector (free-download phishing) high PDF_SEO_UTM_REDIRECTOR_LINKPDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://yafferge.ru/award?keyword=apology+for+poetry+sidney+pdf In PDF document text
- https://static.s123-cdn-static.com/uploads/4366317/normal_5ff88e7ea4c7b.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4366633/normal_5fcdb8ae33e83.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4466408/normal_5ff69abd26256.pdfIn PDF document text
- http://fefogumok.22web.org/10003905405.pdfIn PDF document text
- http://gabukamapomife.22web.org/kobevedolit.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4483624/normal_5fe907c6736b0.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- http://www.daltonmaag.com/In PDF document text
- https://s3.amazonaws.com/vovopafubipu/the_quran_online_translation_and_commentary.pdfIn PDF document text
- https://s3.amazonaws.com/loranoduzuja/twist_of_faith_movie.pdfIn PDF document text
- https://s3.amazonaws.com/rurosaveruk/survival_of_the_fittest_definition_sociology.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/d6b8fb6e-e13f-4438-bdec-608db44e8517/the_lord_of_the_rings_book_pages.pdfIn PDF document text
- https://s3.amazonaws.com/lezopobigeza/aggregation_short_form.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/3c9255b8-ba5e-452f-be89-537474232b4d/mefamimaruzajerajifemut.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/9e0ca5e5-5996-45a8-bd21-1080fc47b7d4/31344830596.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/490c2fad-c85f-42bf-8d79-9cf70e4ca152/cannon_landmark_safe_reviews.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/a81fbabf-e753-4c3f-9107-a0d906e72218/41129897783.pdfIn PDF document text
- https://s3.amazonaws.com/wozowuledij/hummel_age_guide.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/999e207a-aa7a-4fdd-aeff-29ffa33b5ca9/how_to_calculate_working_capital_in_balance_sheet.pdfIn PDF document text
- https://s3.amazonaws.com/wipotegadodorek/zurumun.pdfIn PDF document text
- http://diresudavu.rf.gd/kebibakorefegijiv.pdfIn PDF document text
- http://povuputuk.epizy.com/tunidimi.pdfIn PDF document text
- https://s3.amazonaws.com/sizadagazagaj/17190466645.pdfIn PDF document text
- https://s3.amazonaws.com/defipedibe/9668392224.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/17cf5839-d143-4dc2-8e1f-a8da97bab9f0/is_blackstar_a_good_amp.pdfIn PDF document text
- http://fojamemu.epizy.com/42501919067.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00010a62.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10A62 | 4880 bytes |
SHA-256: f94156308a2c13d3246b44a08756bccfbaea6fae694bfdc468de84c48c7c652d |
|||
font_01_sfnt_off00011b12.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x11B12 | 10876 bytes |
SHA-256: a7af0d9d1bfee074644d5f4a4084036e3cf1001e097b4ceb1cd85a7d4cf54f06 |
|||
font_02_sfnt_off00014058.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x14058 | 4324 bytes |
SHA-256: 9f355172d696dda274cac500966718f112ce76951f19577ac4888987ea6471b2 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.