MALICIOUS
Risk Score: 182
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of links to external PDFs hosted on disposable domains, indicating a link farm. One of the embedded URLs, https://cctraff.ru/strik?keyword=handbook+de+excipientes+farmaceuticos+en+espa%25C3%25B1ol+pdf, is flagged as a malicious redirector. The ML classifier also strongly indicated maliciousness.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://cctraff.ru/strik?keyword=handbook+de+excipientes+farmaceuticos+en+espa%25C3%25B1ol+pdf (in PDF document text)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006671.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6671 | 5744 bytes |

SHA-256: bf5e8f3b6cdccbfcaa80fc15fa397bef896d718bd23abe3a3745ff8402e29466