MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains embedded links, one of which, 'https://ggtraff.ru/strik?keyword=facebook+auto+liker+apk+free+download', is flagged as a malicious redirector. The document body, though heavily obfuscated, contains a reference to this URL and the phrase 'facebook auto liker apk free download', indicating a social engineering lure. The PDF also hosts a large number of external links, suggesting it's part of a link farm designed to improve SEO for malicious content.
Machine Learning
- Nyx PDF Classifier: malicious score 1.0000
Heuristics (4)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ggtraff.ru/strik?keyword=facebook+auto+liker+apk+free+download (in PDF document text)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00006c1a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6C1A | 5224 bytes | 244d70278e33ca6e52844ff1a6be4485318903321b4ac81989946c84b1bc931e |
| font_01_sfnt_off00007dff.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7DFF | 10548 bytes | e883523c769c5a41d69c7e42576c59f4deff6666c7906a3cba56542232b6b617 |