MALICIOUS
Risk Score: 134
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Image lure linking to an SEO redirector (free-download phishing) (high, PDF_SEO_UTM_REDIRECTOR_LINK): PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_005_off00006460.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x6460 | 10932 bytes | 65949ab0792315e5924ebdd43353a5a966af49c912c4b578831048e0e6ca3fa6 |
| font_00_sfnt_off000053db.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x53DB | 4904 bytes | 2412f16ec7ed7d24d1d6cc854f7b370f27b710ca4cb22fc2f0f678028cc1718d |
| font_02_sfnt_off0000837e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x837E | 9428 bytes | beb8df71463ef79b1a3a37067456b09afd751f48eb37c9729623cdd06f54a563 |