MALICIOUS
124
Risk Score
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARMSmall PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://cctraff.ru/aws?keyword=shree+mahalaxmi+calendar+2019+pdf+free+download In PDF document text
- https://gimejexoxixaza.weebly.com/uploads/1/3/1/8/131872185/987b21c6b.pdfIn PDF document text
- https://jelamiwigu.weebly.com/uploads/1/3/1/3/131382248/satavot-purevi-gojakiz-lusopug.pdfIn PDF document text
- https://fidevawane.weebly.com/uploads/1/3/0/8/130814252/porawi.pdfIn PDF document text
- https://towetebofipu.weebly.com/uploads/1/3/1/4/131437669/020e3b727db.pdfIn PDF document text
- https://puliwavigajog.weebly.com/uploads/1/3/4/4/134469254/kijum.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4366027/normal_5f89ab713e770.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4367635/normal_5f95abfe54567.pdfIn PDF document text
- http://www.ascendercorp.com/In extracted file (font_00_sfnt_off0000599a.bin)
- http://www.ascendercorp.com/typedesigners.htmlIn extracted file (font_00_sfnt_off0000599a.bin)
- http://fedorahosted.org/lohitIn extracted file (font_02_sfnt_off000091c4.bin)
- https://uploads.strikinglycdn.com/files/16cac59f-8ed7-4a42-8cf4-06d78cf92b1a/77133540894.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/855ff781-23a4-4386-a241-dff1d0fde5b0/vabosiguvavejezubo.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/dbb12265-b586-4009-a4d4-d85a2eacf4f3/96310839779.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/5ee2a1d7-2e39-4659-96d8-dd6a96e2bc1a/26685084447.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/f9112d2e-67a8-4740-a437-35e887416651/download_g930v_firmware.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0432/4202/9215/files/chatous_mod_hack_apk.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0432/6627/7534/files/rusty_bucket_nutrition_guide.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0501/7482/0528/files/top_notch_1a_second_edition.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/781102d7-638a-4e7a-ad9b-c39e0b6c0ac4/72797855835.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/15257d50-a2bd-49c4-b0c2-58771e0cc8c5/xofolu.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn extracted file (font_00_sfnt_off0000599a.bin)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000599a.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x599A | 5960 bytes |
SHA-256: 24a13fbbd85d0bfa7e02f750fce1450e325a1d790439eb3970eca3d702b45637 |
|||
font_01_sfnt_off00006dd6.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6DD6 | 10592 bytes |
SHA-256: 8ed5bff15cb1e33f4f3e482a3338f7b1de5281876743095a367da87dbbc2e015 |
|||
font_02_sfnt_off000091c4.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x91C4 | 7168 bytes |
SHA-256: ff3db5e468deee4f42509a6981474ba71debc920c8790604674447978cadb01c |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.