MALICIOUS
Risk Score: 194
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 5
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Image lure linking to an SEO redirector (free-download phishing) (high, PDF_SEO_UTM_REDIRECTOR_LINK): PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Every extracted URL in this report is labelled "In PDF document text".
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00005c08.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5C08 | 5420 bytes | 4751a99d109067bce334b8e82818e36d67230754d5cd87a6444002067db78f06 |
| font_01_sfnt_off00006dc5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6DC5 | 2936 bytes | 86ab7f572818772b89710e8f0a7fcc852d72ecdbf0b1614ea6f0702268944961 |
| font_02_sfnt_off00007939.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7939 | 10888 bytes | 6748ce791a561a0c294c6138fbff6433c982039b48c0e69f09ea63b58dd3b47d |