Verdict: MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
This PDF file contains a mass external link farm, with a primary link pointing to a known malicious redirector. The document body, though heavily obfuscated, contains text related to 'rocket league crack online' and the malicious URL, suggesting a lure for users to click on the link. The ML classifier also strongly flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (4)
- PDF links to known malicious redirector infrastructure (severity: critical, rule: PDF_MALICIOUS_REDIRECTOR_LINK). PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM). Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Object number defined twice with different bodies (severity: info, rule: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL). The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (severity: info, rule: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.com/wix?keyword=rocket+league+crack+online
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000630b.bin | 6a3495fdc4ebbd05082bd1681f10a8ee083864f78c40462bb87a23dc74f110e1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x630B | 4860 bytes |
| font_01_sfnt_off000073a6.bin | 457546973a80df0fd886b41ba2da3edcaa5a937c02c282fcb21ae8bf59282b27 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x73A6 | 14656 bytes |