MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF file contains a large number of embedded links, many of which point to external PDF documents. One of the primary links, 'https://ttraff.me/wix?keyword=comes+in+a+box+word+stacks+answers', is identified as a malicious redirector. The presence of numerous links suggests an attempt to manipulate search engine results or to distribute further malicious content through a link farm. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=comes+in+a+box+word+stacks+answers
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://static.usrfiles.com/ugd/9421c8_80631a86167448e9b34595cd08493b15.pdf
- https://static.usrfiles.com/ugd/ea5d7b_053b3e98e8d34c26bf61b5d921e0d8c9.pdf
- https://static.usrfiles.com/ugd/a4ea6c_4173ef6734824991adbaf0706732ec50.pdf
- https://static.usrfiles.com/ugd/b8c837_b3ac721f6209430e97512b755d429ab6.pdf
- https://static.usrfiles.com/ugd/5b5da7_4bb1465a1e6548969b5ba210046a635c.pdf
- https://static.usrfiles.com/ugd/ed64d2_cc1c32aeaf234858a96b9a86bca5d539.pdf
- https://static.usrfiles.com/ugd/40336e_4abf9ebe26da46dc9be9e2b853f15b3d.pdf
- https://static.usrfiles.com/ugd/9ff9b8_9161385fb8e8461f833514323dcc5d3a.pdf
- https://static.usrfiles.com/ugd/e6e573_2d1349504d2340708041076eceb7f1b3.pdf
- https://static.usrfiles.com/ugd/bca722_77f1e203feee4eabb062cab326c4310c.pdf
- https://static.usrfiles.com/ugd/bb3bf9_8aa5756d67964891849367287d8e93ac.pdf
- https://static.usrfiles.com/ugd/b8c837_242eacf27ca840ac8947c64a1df6c130.pdf
- https://static.usrfiles.com/ugd/87b9a8_ea0f9875d4d544dbb811707e7e78de80.pdf
- https://static.usrfiles.com/ugd/3801ff_ec1db73d4f8e483bb71097be3d73f7c4.pdf
- https://static.usrfiles.com/ugd/33a16d_eb5bd46bcc304932844bc11f8125479b.pdf
- https://static.usrfiles.com/ugd/c722c2_31c81e9835b3481db6e86a064370b476.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005e62.bin2c1994188845628bf673561940fb027f138c62e4e48b1e1c19de01fbb89ca756 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5E62 | 5320 bytes |
font_01_sfnt_off00007079.bin4f367e750769bd7df5da699e897c028c0ddd59d9d6e55420c312a9770ba8651e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7079 | 10184 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.