MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'https://gettraff.ru/123?utm_term=el+libro+de+arena'. Additionally, a machine learning classifier and ClamAV detection strongly indicate malicious intent. The document body is heavily obfuscated and unreadable, but the presence of a malicious URL is sufficient evidence for a phishing or malware distribution attack pattern.
Machine Learning
- Nyx PDF Classifier malicious score 0.9958
Heuristics 3
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://gettraff.ru/123?utm_term=el+libro+de+arena In PDF document text
- https://cdn-cms.f-static.net/uploads/4420438/normal_5fb5c3f6d0680.pdfIn PDF document text
- https://cdn.sqhk.co/wuvupalib/1hfPhbP/carrie_underwood_concert_2019_song_list.pdfIn PDF document text
- https://cdn.sqhk.co/retuwami/aziehIk/jibonikiwezitipuduvovo.pdfIn PDF document text
- https://cdn.sqhk.co/sovokeduseb/ijbuiiJ/zesogoxufavujuziwulipeju.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4411700/normal_5fe58075d9c7b.pdfIn PDF document text
- https://cdn.sqhk.co/birenejar/gjjdhbk/movie_maternal_instinct_cast.pdfIn PDF document text
- https://cdn.sqhk.co/pasepizut/sugjYgf/operation_market_garden_polish_casualties.pdfIn PDF document text
- https://cdn.sqhk.co/podiwilur/4ghaghi/bombastic_bling_roblox.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4366654/normal_5fdff44499465.pdfIn PDF document text
- https://cdn.sqhk.co/taranumota/ETNiijh/fear_the_walking_dead_full_cast_season_5.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4404123/normal_5f9b79a5ef2ef.pdfIn PDF document text
- https://cdn.sqhk.co/fukafodifi/ejjzkIR/the_crusades_through_arab_eyes.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4496005/normal_5fca12381f2c4.pdfIn PDF document text
- https://cdn.sqhk.co/morexemodoju/ieRTENW/tumblr_wallpaper_hd_phone.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/d57c89a8-3038-4de4-bf6c-a1132ae12862/sisenerozo.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/0b7c289f-c64a-44c3-aae9-b4b4c6c775c4/bupobibitu.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/89bb0ced-c03c-40a9-acbc-b6f9f61dca48/gopomumuputekex.pdfIn PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000e97f.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE97F | 4448 bytes |
SHA-256: 76aa714225d4a979cbf1302eb7160dfb7824a5b6bf52f37f6614adf3c7fa2c9c |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.