Verdict: MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains a large number of embedded links to other PDFs, forming a link farm. One of these links, 'https://ttraff.me/wix?keyword=dress+for+the+day', is flagged as a malicious redirector. This suggests the document is designed to drive traffic to malicious infrastructure, likely as part of a phishing or scam campaign. No scripts were extracted, but the presence of numerous links points to a social engineering tactic.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (4)
- PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.me/wix?keyword=dress+for+the+day
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006b9a.bin (hash 1b3771bcf58abf1cb548683b405c4c45ae4b8728f581cfbcf77fb7e3c2a3ab88) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6B9A | 5064 bytes |
| font_01_sfnt_off00007cd4.bin (hash 810538c3ba763f2de8f3bae80a054c00d0b8a7d9eb34f42bf23ad993a7efcb21) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7CD4 | 10844 bytes |