Verdict: MALICIOUS (Risk Score: 152)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by multiple heuristics, including ClamAV and an ML classifier, as malicious. A critical heuristic identified a link to known malicious redirector infrastructure at https://traffmen.ru/strik?utm_term=jhs+185+bleecker. Although no scripts were extracted, the presence of a malicious URL strongly suggests a phishing or malware delivery attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9938
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://traffmen.ru/strik?utm_term=jhs+185+bleecker
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000be65.bin 3d4760ca295192c89086870ebbac49c5a5945404ea6ab57fca452cf2db5f569a | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBE65 | 6440 bytes |
| font_01_sfnt_off0000ce59.bin aec9f5fee9a7a5254be65f879a21362419ecb8ed2e2aeb8a33effd6d15e479c1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCE59 | 5240 bytes |
| font_02_sfnt_off0000e02e.bin 84443d96f27500aa11d4ec412caf059e962a3588873e5becf5a34d20a5621c13 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE02E | 2188 bytes |