MALICIOUS
92
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains a link to a known malicious redirector, indicating an attempt to lead the user to a harmful site. The document body, though heavily obfuscated, contains text that appears to be a 'Bolc packing list' and the malicious URL itself, suggesting a phishing or redirection lure. No scripts were extracted, but the presence of a malicious URL is a high-confidence indicator of malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.9928
Heuristics 2
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ggtraff.ru/aws?keyword=bolc+packing+list In PDF document text
- https://mokitigek.weebly.com/uploads/1/3/1/6/131606839/musux.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4366978/normal_5f8b2f9ac4071.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4402032/normal_5f92457278047.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://s3.amazonaws.com/vaxebisapesi/famous_chocolate_wafers_recipes.pdfIn PDF document text
- https://s3.amazonaws.com/zarelusipofox/wupimelazujoxexoxipi.pdfIn PDF document text
- https://s3.amazonaws.com/serogajugomiji/bubonic_plague_history.pdfIn PDF document text
- https://s3.amazonaws.com/dotivaf/companion_planting_vegetables_chart.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0503/1464/1605/files/florida_partial_release_of_lien_form.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0433/5462/0059/files/44835641611.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0435/1436/4059/files/word_whizzle_answers_fast_food_items.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0433/4374/1083/files/99912048232.pdfIn PDF document text
- https://s3.amazonaws.com/sugaguxagu/buet_admission_result_2017-_18.pdfIn PDF document text
- http://dejavu.sourceforge.netIn PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_008_off00023d81.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x23D81 | 20733 bytes |
SHA-256: 27a26acd6f6c3e82bd4b1d2422279ff5bbc7437cc008822f7d71e970c7eba696 |
|||
font_00_sfnt_off0001f903.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1F903 | 3120 bytes |
SHA-256: b1808a2d7445fd3fa110f6fa10012c850680e97427c6103e19c2def83c2b8d47 |
|||
font_01_sfnt_off0002043d.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x2043D | 5116 bytes |
SHA-256: fceb825393f918ac019b927314ecfb2b4d9918e53d7b363b1e1fdb6ff9d71036 |
|||
font_02_sfnt_off000215c7.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x215C7 | 12076 bytes |
SHA-256: 342efab26384cda64c579934ab0eaa6d2941d4f1eff5e43bae167b49addf88a0 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.