SUSPICIOUS
44
Risk Score
Machine Learning
- Nyx PDF Classifier clean score 0.0284
Heuristics 3
-
Image lure linking to an SEO redirector (free-download phishing) high PDF_SEO_UTM_REDIRECTOR_LINKPDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://wikigi.litds.ru/date?keyword=kwang+soo+and+somin+dating&charset=utf-8 PDF link annotation
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000864a.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x864A | 4040 bytes |
SHA-256: 0e569373682d2112ebd5507cbcffc9f768581458be21dc3e1de8b7b53ca7eb6e |
|||
font_01_sfnt_off0000954a.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x954A | 15472 bytes |
SHA-256: 9dfb2f580b20f5e871a15da1e54cac99832ea4d3f46b3f20612cdfcd714a834b |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.