Risk Score: 132 (MALICIOUS)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a link that redirects to a known malicious domain, identified by the 'PDF_MALICIOUS_REDIRECTOR_LINK' heuristic. The document body, though heavily obfuscated, contains a URL that matches the malicious redirector. This suggests a phishing attempt to lure users to a malicious site, likely for credential harvesting or malware delivery.
Machine Learning
- Nyx PDF Classifier malicious score 0.9994
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Image lure linking to an SEO redirector (free-download phishing) (high, PDF_SEO_UTM_REDIRECTOR_LINK): PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector, the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- Embedded URL info (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs (channel: in PDF document text):
- https://traffking.ru/aws?keyword=us+presidents+study+guide
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006a29.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6A29 | 4980 bytes |

SHA-256 of font_00_sfnt_off00006a29.bin: a8258100d509b57d4b9ac8b1e8ceb6de08b264ba947808c6a3c4aa6dbfe46d0d