Verdict: MALICIOUS (Risk Score: 154)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains a large number of embedded links, many of which point to external PDF files, suggesting a link farm or SEO manipulation tactic. One prominent URL, 'https://cctraff.ru/strik?keyword=crazy+little+thing+called+love+queen+chords+pdf', is flagged as a malicious redirector. The document body, though heavily obfuscated, also contains this URL and other benign-looking PDF links, reinforcing the lure.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL: https://cctraff.ru/strik?keyword=crazy+little+thing+called+love+queen+chords+pdf (in PDF document text)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00005de9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5DE9 | 5660 bytes | 54e295e8926cc33f6318915bcb852640ec5a664fca3245e2fafc4fab986bea3a |
| font_01_sfnt_off0000712e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x712E | 14276 bytes | 2a3375f64c5f0a8340757c00778e05898749b8f0840d3f488abf1333e8099f8a |