Verdict: MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'https://ggtraff.ru/strik?utm_term=bubble+tea+house'. This URL is the primary indicator of malicious intent, likely serving as a lure for phishing or to download further malicious content. The ML classifier also strongly flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL https://ggtraff.ru/strik?utm_term=bubble+tea+house (in PDF document text)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000d43a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD43A | 4864 bytes | 0bbf5f7b3addd1dd2a9fb48458feee818eb651a8c11ad1eca5851201d6c31421 |
| font_01_sfnt_off0000e4c0.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE4C0 | 10796 bytes | d65750023273856a4716e6e8857306e26b9cf48525ef22cd1ca0fe2cad19a27a |