MALICIOUS
94
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by a machine learning classifier as malicious and contains a link to a known malicious redirector infrastructure. The embedded URL is likely part of a phishing or malware distribution chain. No scripts were extracted, but the presence of a malicious link strongly suggests an attempt to lure the user to a harmful site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://cctraff.ru/pify?keyword=cat+in+costume+black In PDF document text
- http://pebazado.getmgetm.com/uploads/1/3/2/7/132710675/vobirajililo_gulonekugasewef_guwus.pdfIn PDF document text
- https://site-1040042.mozfiles.com/files/1040042/nudemufekerib.pdfIn PDF document text
- https://site-1044303.mozfiles.com/files/1044303/70959744042.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/e2fa0c68-76ed-47b8-820f-25e715c18866/46421700794.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/d3306ad1-794c-4d06-81b3-17037f08e8e5/wiwamorexa.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/05a77ae9-1a45-4196-baeb-f405b44adabd/xejeravefebufe.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0433/3859/6511/files/49038139135.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0430/9565/4564/files/nursing_interventions_for_smoking.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000687d.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x687D | 4960 bytes |
SHA-256: 630314bb94709df5465fc8b67f66c92a80fa577ed343a675c3b865a3289cecc1 |
|||
font_01_sfnt_off00007942.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7942 | 10836 bytes |
SHA-256: b502d1920de6af1c7fe5c5bec86cc4eadb4979073424cbc99d70793beb7c0b28 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.