Verdict: MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'ggtraff.ru'. This indicates an attempt to lure the user to a potentially harmful website. The ML classifier also strongly flagged this PDF as malicious. While no scripts were explicitly extracted, the nature of the redirector suggests a phishing or malware delivery attempt, aligning with the Spearphishing Attachment technique.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ggtraff.ru/123?utm_term=dbz+dokkan+battle+shenron+wishes
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000eae4.bin | 6a229f6f0cc923acae378d5380213df74cdc5f8e8604af9553cdb6e73a09ed74 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEAE4 | 5260 bytes |
| font_01_sfnt_off0000fcdc.bin | 9a25111ccef9c581174cd7388ca21bbb223f3cbc257b5ba14bf4f10116e39f90 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFCDC | 10320 bytes |