MALICIOUS
192
Risk Score
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 6
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARMSmall PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ggtraff.ru/123?keyword=flud+ad+free+apk+onhax In PDF document text
- https://fijojonibiw.weebly.com/uploads/1/3/2/6/132681787/xelikanotuzifaja.pdfIn PDF document text
- https://dirigesibujov.weebly.com/uploads/1/3/0/9/130969991/534b8db4a.pdfIn PDF document text
- https://gonerogad.weebly.com/uploads/1/3/1/4/131438616/bekukuvave.pdfIn PDF document text
- https://site-1042939.mozfiles.com/files/1042939/zomifunidataguz.pdfIn PDF document text
- https://site-1037850.mozfiles.com/files/1037850/27177999153.pdfIn PDF document text
- https://site-1038395.mozfiles.com/files/1038395/14091230432.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/2d391f0f-c7a5-47ec-aa6e-49c3c258a250/73055703332.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/0b332a3f-b1fb-458c-946c-915ca02d6c9c/7503102320.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/94e118fb-dd3a-41b4-91b8-6e949c4bbdf0/17408668120.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/d639aea0-d10b-43cb-9b64-3f776fd3ebe3/13016124977.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0482/8535/2100/files/12302714474.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0427/7259/4844/files/adjectives_with_bo.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/3031d38a-c56a-4609-af20-2db9a48d592f/talodanasufunipopago.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/d64d6aa9-379e-4348-96ff-0a6eaba068e2/vebaxizelevaton.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/e740a5a9-c808-4279-9a59-df7b2de20396/65693979615.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/8004bdff-15f9-4819-a1e0-cf3d8d325ee8/5538683747.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/f68191b9-0d7c-47d7-af10-0f8dad9952c0/2803573047.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/01ef6773-e048-4463-8087-d9f261e1759e/35459071614.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000639a.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x639A | 5036 bytes |
SHA-256: 03fffe78adcf5cac6ec1b5616335cedc8f1b9414c0bab2cfe05c500da9afbb83 |
|||
font_01_sfnt_off000074b5.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x74B5 | 15192 bytes |
SHA-256: cd9fa319fb9ac7c6eb40e484c87ca4285bd5f4974b75903de24ab48c85f9bb80 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.