MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains embedded links, one of which is identified as a malicious redirector. The document body, though heavily obfuscated, contains text suggesting a lure related to 'king cobra care sheet' and includes the malicious URL. The presence of a link farm and the ML classifier's high confidence score further support the malicious nature of this document.
Machine Learning
- Nyx PDF Classifier malicious score 0.9986
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- PDF differential parser failed (info, PDF_DIFFERENTIAL_PARSE_FAILED): The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.link/wix?keyword=king+cobra+care+sheet (in PDF document text)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000c8b7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC8B7 | 5136 bytes | 1e28ebed87f2d826e5c1a7cb331efad4c3b621bf7a6aedaf45e3f8d4ef16d2c3 |
| font_01_sfnt_off0000da35.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDA35 | 10976 bytes | bdbbebd8c0823bf15fe21b3ed7b3bb5263562c3addeeceb649129ad3a1223c59 |