MALICIOUS
Risk Score: 184
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 5
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00005521.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5521 | 5640 bytes | 6287c47c6b7bff5aebd3281736a39e9eb87b54bd34cdf1bc9762079d68e9a914 |
| font_01_sfnt_off00006837.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6837 | 11376 bytes | 97da833e66d01fbad151c87a1eb7de80eacc0de826812d1234f48ddabb11b05a |
| font_02_sfnt_off00008de6.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8DE6 | 18708 bytes | fda7b024a0c035f85341233f24ef4110abef31c10bf1f5a9cd0c6477556da9ed |