Risk Score: 154 (MALICIOUS)
Malware Insights

MITRE ATT&CK:
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'https://gettraff.ru/aws?utm_term=baahubali+2+movie+songs+naa+songs'. This URL is likely used to lure users to a malicious site. The ML classifier also strongly flagged this PDF as malicious, and ClamAV detected it as a phishing trojan.
Machine Learning:
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4):
- critical CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- critical PDF_MALICIOUS_REDIRECTOR_LINK: PDF links to known malicious redirector infrastructure. The PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: Object number defined twice with different bodies. The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- info EMBEDDED_URL: Embedded URL. One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://gettraff.ru/aws?utm_term=baahubali+2+movie+songs+naa+songs (in PDF document text)
Extracted artifacts (2)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000c4dc.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC4DC | 5384 bytes | 7b4578acf10f406413c1a506b7582638174457eb678f50fc5f7019acd4aab63d |
| font_01_sfnt_off0000d712.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD712 | 11300 bytes | e2801a09ec95ab038685253cca9a17fa44c7680e6ffce0312cc4e3fcc3b7523b |