MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
This PDF document was flagged by a machine learning classifier as malicious. It contains a large number of embedded links, with one specifically identified as a redirector to a malicious URL. The document appears to be a link farm designed to lure users to potentially harmful sites.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.club/wix?keyword=actex+study+manual+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000047e7.bin 8f33aa23d6e4c144635e15716adb9812ecc7e5032201830cf9ed063c5d28a151 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x47E7 | 5364 bytes |
| font_01_sfnt_off00005a27.bin 1bd8d49eaa3993f5fd391ff2027da4aebaacee68ad77f01f41a6aa1eea876914 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5A27 | 10532 bytes |