MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains numerous embedded links, with a critical heuristic firing indicating a malicious redirector. The document body, though heavily obfuscated, contains text related to 'Jothidam books in tamil pdf' and a URL that matches the redirector. The presence of many external links, including to Shopify domains, suggests an attempt to leverage SEO or distribute content through a link farm, potentially for malicious purposes. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/wix?keyword=jothidam+books+in+tamil+pdf
- https://static.usrfiles.com/ugd/74a852_fd55b49f0f464868b421acc02d36864b.pdf
- https://static.usrfiles.com/ugd/b8c837_d17f86de185d4dbb85c88ce5c9e47c2f.pdf
- https://static.usrfiles.com/ugd/2813e2_f9493f62f8b944789958854b17d487af.pdf
- https://static.usrfiles.com/ugd/dfb5f8_74e1a6d2c0864214b655b7cdb8c31777.pdf
- https://static.usrfiles.com/ugd/ace02d_fd42748fa0c547a1ba1ecdb2e2c1de5c.pdf
- https://cdn.shopify.com/s/files/1/0439/9074/5246/files/ruvazetatobupozugosedinad.pdf
- https://cdn.shopify.com/s/files/1/0439/1721/3851/files/conditional_sentences_worksheets_with_answers.pdf
- https://cdn.shopify.com/s/files/1/0464/8216/1832/files/neduve.pdf
- https://cdn.shopify.com/s/files/1/0432/9878/3382/files/samuduf.pdf
- https://cdn.shopify.com/s/files/1/0430/1612/6625/files/59192186924.pdf
- https://cdn.shopify.com/s/files/1/0432/9085/3541/files/musixesasugiv.pdf
- https://cdn.shopify.com/s/files/1/0434/9621/0594/files/4311183404.pdf
- https://cdn.shopify.com/s/files/1/0433/0009/4112/files/linux_vi_cheat_sheet.pdf
- https://cdn.shopify.com/s/files/1/0431/6649/8965/files/wovirogewolajajoga.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_004_off0000775f.bin1af5858638ef00a37b6d4b1ec61a0e07cbdebaf53b1bc51ef4366a5c104d33a2 |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x775F | 12316 bytes |
font_00_sfnt_off00006530.bind7ae3e24db97dc31ad13cd6e6599441afd6454fabd622569b3ee77ce63776b07 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6530 | 5380 bytes |
font_02_sfnt_off0000974f.binddd209e255102c799983fe574a6f4b7d1e3dd9f50817ce250fa71106262b6719 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x974F | 15596 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.