MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
A heuristic fired on this PDF for linking to known malicious redirector infrastructure, specifically 'https://gettraff.ru/strik?keyword=third+crisis+guide'. The document body, though heavily obfuscated, references the same URL, suggesting an attempt to direct users to a malicious site. The numerous external PDF links also indicate a potential link farm or SEO manipulation tactic.
Machine Learning
- Nyx PDF Classifier malicious score 0.9943
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://gettraff.ru/strik?keyword=third+crisis+guide
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000159d8.bin 4cc24e1d75553287b5b0d39dee21e7df544e66e280544bbb900cd67e1e410306 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x159D8 | 4908 bytes |
| font_01_sfnt_off00016a86.bin a2834e32e7adf61005c4dbcd7b45f2d297e1bff5b8069020abf2965405276451 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x16A86 | 11108 bytes |