Verdict: MALICIOUS
Risk Score: 122
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF containing a link to a known malicious redirector infrastructure. The ClamAV detection further confirms its malicious nature. The embedded URL is likely intended to lure the user into clicking it, leading to a phishing page or malware download.
Machine Learning
- Nyx PDF Classifier: suspicious score 0.4101
Heuristics (3)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK). PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Embedded URL (info, EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://gettraff.ru/aws?utm_term=jquery+ajax+send+form+data+post (in PDF document text)
Extracted artifacts (5)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0001e039.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1E039 | 22184 bytes | 7491d171294c618e0c87b4028d36fb33198bea06db4a4dfcc918ca250f1325a7 |
| font_01_sfnt_off000220be.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x220BE | 5516 bytes | 234978beacfe174b0bb30b5cd60944bb523459325d81cddddf5840b82c330f00 |
| font_02_sfnt_off0002337a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2337A | 2476 bytes | 73a1bb60e37fcb34b20043ddfa274a0d0f146338f7f0d3214e4d32654df68dba |
| font_03_sfnt_off00023df6.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x23DF6 | 6276 bytes | b7baf7112c73e1462bc6f2113e79665ef5a4bad0c4152c998e0c911134eae884 |
| font_04_sfnt_off00024dd8.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x24DD8 | 12968 bytes | 1cb181d6586dc2c2ffae5737c2ce12aff3eab251069c922582962b957c54a5eb |