MALICIOUS
Risk Score: 184
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (5)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00007001.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7001 | 5496 bytes |
| SHA-256: 4fd60f519cc92e309b4f1b6a152bf1e7e301be0f371520a5823b2c919f590dfc | | | |
| font_01_sfnt_off000082c6.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x82C6 | 10752 bytes |
| SHA-256: 2ef2846519b7cfb6ead7613c5437e47fd72f01a4316645bfec5df4c8401b02ac | | | |