MALICIOUS
92
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a critical heuristic firing indicating it links to known malicious redirector infrastructure. The embedded URL, https://gettraff.ru/strik?keyword=verbal+ability+pdf+for+gate, is the primary indicator of malicious intent. The ML classifier also strongly flagged this PDF as malicious. No scripts were extracted, but the presence of malicious URLs suggests a phishing or malware distribution attempt.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://gettraff.ru/strik?keyword=verbal+ability+pdf+for+gate
- https://site-1037273.mozfiles.com/files/1037273/lonisamabivinejisepubez.pdf
- https://site-1037129.mozfiles.com/files/1037129/20351233776.pdf
- https://site-1036807.mozfiles.com/files/1036807/jujegev.pdf
- https://site-1036965.mozfiles.com/files/1036965/25277805666.pdf
- https://site-1036722.mozfiles.com/files/1036722/penodo.pdf
- http://sefov.henleychocolates.co.uk/uploads/1/3/0/7/130738902/giratotutaxo.pdf
- http://zexud.badgirls.hu/uploads/1/3/0/9/130969336/258380.pdf
- http://files.marinaredlich.com/uploads/1/3/0/9/130969598/fc2135835.pdf
- http://zususezow.lbksupersr.com/uploads/1/3/1/4/131407406/0219f763c41.pdf
- https://site-1037028.mozfiles.com/files/1037028/favugupirisubos.pdf
- https://site-1036980.mozfiles.com/files/1036980/91279043952.pdf
- https://site-1037035.mozfiles.com/files/1037035/21535077291.pdf
- https://site-1036907.mozfiles.com/files/1036907/79189159525.pdf
- https://site-1037160.mozfiles.com/files/1037160/govituzokuve.pdf
- https://cdn.shopify.com/s/files/1/0468/8517/5453/files/basha_songs_masstamilan.pdf
- https://cdn.shopify.com/s/files/1/0482/1116/5336/files/xivizavoxomuvivivin.pdf
- https://cdn.shopify.com/s/files/1/0437/1765/6728/files/fokovowuzusolobuxa.pdf
- https://cdn.shopify.com/s/files/1/0430/3201/9097/files/date_sheet_of_10th_class_2020.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000066a3.bin696e8958dce6db202cbbb6489db640add0506796180c7a27e5ec19f41001c05a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x66A3 | 5236 bytes |
font_01_sfnt_off0000788f.bin2f386e26567589d3e7c67d0690153c47c5ce357ff08692199c31658cd39c7257 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x788F | 10124 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.