MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a high number of embedded links, many of which point to external resources, indicating a link farm or SEO poisoning attempt. The primary URL, https://cctraff.ru/strik?keyword=puzzle+and+dragons+tier+list+altema, is flagged as a malicious redirector. The ML classifier also strongly indicated maliciousness. No scripts were extracted, but the document body and heuristics suggest a lure to malicious infrastructure.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL: https://cctraff.ru/strik?keyword=puzzle+and+dragons+tier+list+altema (in PDF document text)
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00006e8a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6E8A | 5076 bytes | 9d72e9f5f6c1234ffaebd1c6af1cba078bcf957f0b599b2cae8aea360fb5db0b |
| font_01_sfnt_off00007fb3.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7FB3 | 11528 bytes | 674bc81f3f96380a75a67cfe383a7ae7c9be0c458b8b30b8e289019e34eb603d |
| font_02_sfnt_off0000a631.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA631 | 16092 bytes | 9af6fc3bf9d751f70540aea0fa47faa159a3604992cda23d2adcda3ffc5346b2 |
| font_03_sfnt_off0000baf8.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBAF8 | 4324 bytes | d1f4a20f0e35a0564be54678b929bb8c711862c507f070c2b9a6abea8daf4378 |