MALICIOUS
158
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.002 Malicious Link
The PDF contains embedded JavaScript and multiple links, one of which points to a known malicious redirector infrastructure. The document body text and embedded links suggest a lure for downloading content, likely leading to malware. The presence of embedded JS and the redirector link indicate an attempt to deliver a malicious payload or redirect the user to a phishing site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded JS stream low PDF_JSPDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=burying+the+ex+full+movie++300mb
- http://vukasefap.super-sounds.com/uploads/1/3/0/9/130969280/4124705.pdf
- http://begime.biglittlebrains.com/uploads/1/3/1/1/131164250/jogixa.pdf
- https://cdn.shopify.com/s/files/1/0430/6223/1201/files/2013_ford_focus_owners_manual.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/97072231683.pdf
- https://cdn.shopify.com/s/files/1/0430/6668/7642/files/katukopuwadozid.pdf
- https://cdn.shopify.com/s/files/1/0463/0960/5541/files/award_certificate_templates_free_printable.pdf
- https://cdn.shopify.com/s/files/1/0434/8156/3286/files/wakag.pdf
- https://cdn.shopify.com/s/files/1/0447/9208/6685/files/branches_of_government_project.pdf
- https://cdn.shopify.com/s/files/1/0432/9812/8036/files/free_enchanted_forest_wedding_invitation_template.pdf
- https://cdn.shopify.com/s/files/1/0433/3145/3081/files/legola.pdf
- https://cdn.shopify.com/s/files/1/0434/1838/6588/files/zunosigo.pdf
- https://cdn.shopify.com/s/files/1/0436/7322/3321/files/gipinugexep.pdf
- https://cdn.shopify.com/s/files/1/0432/7401/0782/files/solafit.pdf
- https://cdn.shopify.com/s/files/1/0435/0076/5336/files/43879242533.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00004635.bin07f5065ae659237f99dfff0be9f307bc2adc94b8f244748697bee8a6c403fd7b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x4635 | 5520 bytes |
font_01_sfnt_off000058f1.bin87985804ebf98b1030980f20b4e39595e1aa76caccafc3e7d64f2ca02509db1c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x58F1 | 20968 bytes |
font_02_sfnt_off00007922.bin5e0676e134781f2a21c06a0d045eebc95ad2f72f5ed7fc876ffdcead7ccbe471 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7922 | 2276 bytes |
font_03_sfnt_off000082eb.bin36ebd19562643ff10b12611582aa0c311f64c27ad5ac60e82da2fdbe962c4798 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x82EB | 9864 bytes |
font_04_sfnt_off0000a4c0.bine5f30af547b55dfbbae63869c45e93d04e829a64999393572a2275da8290585e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA4C0 | 2056 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.