MALICIOUS
212
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains heuristics indicating it is a malicious redirector and part of a link farm, aiming to direct users to harmful sites. The embedded URL `https://cctraff.ru/aws?utm_term=mcgraw+hill+connect+homework+answers` is flagged as malicious. The document body, though heavily obfuscated, suggests a lure related to 'mcgraw hill connect homework answers', reinforcing the phishing or malware distribution intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.8859
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://cctraff.ru/aws?utm_term=mcgraw+hill+connect+homework+answers In PDF document text
- https://cdn-cms.f-static.net/uploads/4379048/normal_5f94984ee4c9f.pdfIn PDF document text
- https://zinixukugezevul.weebly.com/uploads/1/3/4/6/134612333/6890329.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4416791/normal_5f9d3b9dc1905.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/fd3766ee-0762-48a1-8d1a-056733a9cf79/13108500010.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/e57e1c28-3f69-4480-920b-d55fe84f695a/56414515769.pdfIn PDF document text
- https://s3.amazonaws.com/rawesaragegugar/39907736477.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/a186c9ef-272f-496b-8a9d-ceb76dc9d2e5/gidizo.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/c69fcd40-7f39-45ca-a90e-02b10d011c21/70764027177.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/2d5f48ee-9014-476e-9d66-b1f831896aeb/paliwuladexaki.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/a2f3bd35-1e96-4da1-8ccd-e09ff1e3068c/kezogovewibipumokevojoki.pdfIn PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0001395d.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1395D | 5376 bytes |
SHA-256: 4e912693251c369f70bfecf929f9a900c888257a1fddfd6fbb0e11c6347d1fe8 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.