MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a link to a known malicious redirector infrastructure, disguised as a search result for a technical book's solution manual. The ML classifier strongly indicates maliciousness. While no scripts were explicitly extracted, the PDF structure and embedded link suggest an attempt to redirect the user to a malicious site, likely for further exploitation or credential harvesting.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL: https://cctraff.ru/strik?keyword=introduction+to+algorithms+2nd+edition+solution+manual (In PDF document text)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00009c58.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9C58 | 5424 bytes | d9c41591d08ca5b0768259c06dac68d625d8ddf1a1efd11dee9e3c331a0e247b |
| font_01_sfnt_off0000ae91.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xAE91 | 11064 bytes | c1c11f1636dc035c2c88a4ded2332868c233ffc5ee7067f967a3b1230eb61e81 |
| font_02_sfnt_off0000d439.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD439 | 16096 bytes | 3bb08857b08983a257d5a2052628e18542fd51c8d29f5bbef87ea8b8ace00841 |