Verdict: MALICIOUS
Risk Score: 194
Machine Learning
- Nyx PDF Classifier: malicious score 1.0000
Heuristics 5
- PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Image lure linking to an SEO redirector (free-download phishing) [high] PDF_SEO_UTM_REDIRECTOR_LINK: PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector, the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL:
- https://ttraff.link/123?keyword=business+conduct+guidelines+definition (in PDF document text)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000094ff.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x94FF | 4812 bytes | ae48548a512f62c4b86f9feb43f6ec7bb51e87668c68124af3e2481e85bd86d3 |
| font_01_sfnt_off0000a56a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA56A | 10520 bytes | 9dd2705d1af1fdc04c6fb87e1de394f7935be9a56f487ea1ecead1c0da0bed50 |
| font_02_sfnt_off0000c944.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC944 | 4324 bytes | 4fcfa7c68d76e23b667942a3ac892d2d5d88346478daafc61479ad4df4af3dd3 |