Verdict: MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1059.001 PowerShell
The PDF file contains a large number of embedded links, many of which point to domains associated with link farms and redirectors. The document body, though corrupted, contains text suggesting a lure related to 'A k jain practical physiology pdf', likely intended to trick users into clicking the malicious links. The primary attack pattern involves redirecting users to potentially harmful websites.
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL: https://ggtraff.ru/mozel?keyword=a+k+jain+practical+physiology+pdf
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00004e72.bin (b34e566cc78d041b41e1657a4ebaaad6ee7328de800dd3158106d6fc708106cc) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4E72 | 5648 bytes |
| font_01_sfnt_off000061b6.bin (5c4fb5a6f16993742eb6d85cdf6164fbf05fbd3559b96b72b8d4dc2d87bd18ed) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x61B6 | 9820 bytes |
| font_02_sfnt_off00008393.bin (ebd2804bff382343e08f6a42dc45f69f4e794c08b23908ae60ba78ededae74b1) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8393 | 16164 bytes |