MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains a link to a known malicious redirector, disguised as a search result for a game tutorial. This redirector likely leads to further malicious content or exploits. The presence of numerous external PDF links suggests a link farm or SEO manipulation tactic, aiming to drive traffic to potentially harmful sites.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.me/123?keyword=club+penguin+rewritten+thin+ice+tutorial
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00007a01.bin 7be789f66927594cbe07e4d229e814ff0adc36e41321b774fefd45ea89414e66 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7A01 | 5156 bytes |
| font_01_sfnt_off00008b96.bin f96ae36b54bbe2f74baee4840fc05d4c9ad997708337b4c587d5faf9a3b2c0b9 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8B96 | 10188 bytes |