MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains a link to a known malicious redirector URL, identified by the PDF_MALICIOUS_REDIRECTOR_LINK heuristic. The ML classifier also flagged this PDF as malicious with high confidence. The embedded URL is the primary indicator of malicious intent, likely serving as a lure for phishing or malware delivery.
Machine Learning
- Nyx PDF Classifier malicious score 0.9989
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- PDF differential parser failed (info, PDF_DIFFERENTIAL_PARSE_FAILED): The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00008042.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8042 | 4512 bytes | c07daf9b26662a60753b2c9880bd66f6122ebeedace1c25dec96363c277b7fa8 |
| font_01_sfnt_off00008f8c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8F8C | 12736 bytes | b8198699792d29a19c0b91bf64f6c8c0901cae3dbc479dcee4ff910f4937ad3b |
| font_02_sfnt_off0000b69e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB69E | 17352 bytes | 8f02c4ff5fda36f7913ba8f0b4415063c9aaec39c7adeb309da4ace06d03f329 |
| font_03_sfnt_off0000d01b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD01B | 4324 bytes | 1158d95dac44631f497756703988ba3645251422e7ff0015d3fca430225e7c3e |