MALICIOUS
Risk Score: 184
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics: 5
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts: 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00007780.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7780 | 5008 bytes | 4fb2404af08011551e0e07c224631d7e21b1a57794e80fdb95a2790c1abb859c |
| font_01_sfnt_off00008871.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8871 | 10392 bytes | 26499bfda13b7d1603db864e38de17b7fa17e0c838c7f8850a440c6405f5d6b3 |