MALICIOUS
Risk Score: 134
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF triggers heuristics indicating that it is a malicious redirector, designed for SEO poisoning that lures users with seemingly legitimate document titles. The embedded URL, https://ggtraff.ru/aws?keyword=indian+arbitration+act+1940+pdf, is identified as a known malicious redirector, likely leading to a phishing or malware download site. No scripts were extracted, but the overall pattern suggests a phishing lure disguised as a document.
Machine Learning
- Nyx PDF Classifier: malicious score 0.8965
Heuristics 4
- PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Image lure linking to an SEO redirector (free-download phishing) [high] PDF_SEO_UTM_REDIRECTOR_LINK: PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector: the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- PDF differential parser failed [info] PDF_DIFFERENTIAL_PARSE_FAILED: The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ggtraff.ru/aws?keyword=indian+arbitration+act+1940+pdf (in PDF document text)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0003c0e9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3C0E9 | 5452 bytes | b2ce884a9acac317e59eebce523ba8f248d8998c4f29e306460ff2ba4d8ca870 |
| font_01_sfnt_off0003d378.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3D378 | 10940 bytes | db2fb605d52927ece87b3968c60b9221984cfa19096d237f9119bc885647a35b |