MALICIOUS
94
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a critical heuristic firing indicating it links to known malicious redirector infrastructure. The embedded URL, https://ggtraff.ru/strik?keyword=dbz+flash+games+online, is identified as a potential threat. While no scripts were extracted, the PDF structure and the malicious link strongly suggest an attempt to lure the user to a harmful site, likely for phishing or malware delivery.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ggtraff.ru/strik?keyword=dbz+flash+games+online In PDF document text
- https://cdn-cms.f-static.net/uploads/4372723/normal_5f93dcd6570bd.pdfIn PDF document text
- https://gikotibosad.weebly.com/uploads/1/3/4/3/134332820/wefopib-gukekesof-novotisi-guvap.pdfIn PDF document text
- https://vigejudekoseja.weebly.com/uploads/1/3/4/5/134518300/wodifuju.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4379038/normal_5f8c185b96630.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4368266/normal_5f89902532bc7.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4404299/normal_5f956d0936e7f.pdfIn PDF document text
- https://loneluripovulom.weebly.com/uploads/1/3/4/3/134364014/84e92f4.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4368740/normal_5f9fc98333445.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4405179/normal_5fa25813bfd37.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/ddb4e94b-a04a-4fad-9db8-f31a90fececd/backyard_ballistics_free.pdfIn PDF document text
- https://s3.amazonaws.com/daselex/sulibegukaboj.pdfIn PDF document text
- https://s3.amazonaws.com/tesodagiwor/68364062154.pdfIn PDF document text
- https://s3.amazonaws.com/pibabopuduj/fairmont_high_school_christmas_bazaar.pdfIn PDF document text
- https://s3.amazonaws.com/xalasawu/buwixadatitosad.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000064e5.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x64E5 | 5272 bytes |
SHA-256: 01cf614d0d0593111b1bf9f30b23b6ca65a1edd3745f986b395a9554485dbac3 |
|||
font_01_sfnt_off000076c5.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x76C5 | 10212 bytes |
SHA-256: d2cf120bf40d075a271452d6d9e581074fccace15bee3a820477a3cb82732a30 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.