MALICIOUS
Risk Score: 184
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 5
- PDF links to known malicious redirector infrastructure [critical, PDF_MALICIOUS_REDIRECTOR_LINK]: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Small PDF is a non-clustered link farm on disposable hosting [medium, PDF_SEO_DISPOSABLE_LINK_FARM]: Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000064b7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x64B7 | 3596 bytes | 0fd3284316f9bbe4c5c0b7c66cb03f3e6c4f5b7640ca08ea041c6d5b13fb736f |
| font_01_sfnt_off0000719e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x719E | 5484 bytes | da11aeddf9e84f18eeb8c827793325f79758a373b409e5353ebaf263d1734d13 |
| font_02_sfnt_off00008418.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8418 | 5768 bytes | 9154414db840713cb65a2c43fed2ddc03816bf882f436e7aedbec1b48df1c1f6 |
| font_03_sfnt_off00009294.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9294 | 13884 bytes | 27bbb167227349f42c92ebb99d1d18bf6c53288d5404c0ef0ffb44af5fe318fa |
| font_04_sfnt_off0000bcd6.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBCD6 | 16728 bytes | 9de6114625a2be64760f4eb8148a6226eb29f291d180ea0f8b015453edd5e714 |