MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded links, with critical heuristics identifying it as a malicious redirector and a link farm. The primary URL, https://gettraff.ru/aws?keyword=pleasant+valley+middle+school, is flagged as malicious redirector infrastructure. The document body, though heavily obfuscated, contains references to these URLs, suggesting an attempt to drive traffic to potentially harmful sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://gettraff.ru/aws?keyword=pleasant+valley+middle+school
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005177.bin (84b5f167d7f81631051c1adafdc7ead7a2f1f8d448875decb280c08853b7b2ff) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5177 | 5244 bytes |