MALICIOUS
Risk Score: 254
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 6
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Image lure linking to an SEO redirector (free-download phishing) (high, PDF_SEO_UTM_REDIRECTOR_LINK): PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000d5ab.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD5AB | 5284 bytes | 0888283dc8e04938a1f2b565484c5c7889f7c7b7a2c970f215ef9c7956d94a86 |
| font_01_sfnt_off0000e78a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE78A | 10332 bytes | 4bf1f2aea8c7c38cadc8b0c8ede79e5104c602a97125ad2b8e9b581e6ce23857 |