MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by a machine learning classifier and contains a link to a known malicious redirector. The embedded URL, 'https://ttraff.link/pify?keyword=philosophy+purity+made+simple+here+comes+the+bride', is the primary indicator of malicious intent. This suggests the document is part of a phishing or malware distribution campaign, likely delivered as a spearphishing attachment.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.link/pify?keyword=philosophy+purity+made+simple+here+comes+the+bride
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off000077db.bin | 86f073c6bbf315ac7982c7ab1a946129727bb82cdb13b9d55bea93b5b170c0e6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x77DB | 5556 bytes |
| font_01_sfnt_off00008a96.bin | 4e4ff4f82d3403bf968363321196b1a99cb2c660b97394ba3583f7e8e81cb12f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8A96 | 10224 bytes |