MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a high number of embedded links, many of which point to a URL known for malicious redirectors. The document body, though heavily obfuscated, contains a URL that matches the heuristic firing for a malicious redirector. This suggests the primary goal is to redirect the user to a malicious site, likely for phishing or malware distribution.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://cctraff.ru/strik?keyword=diesel+engine+air+intake+system+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000067d1.bin 971adb29568effe398927d84354069f35792404b2f9290500e9357d6807a7eff | pdf-font-stream | PDF embedded font (sfnt) at offset 0x67D1 | 5524 bytes |
| font_01_sfnt_off00007a9f.bin d641f543d2d45dffb8b7ad78ed8cf83c8d3d196ca5fef660dec6698b8262ac76 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7A9F | 9956 bytes |