MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains embedded links, one of which, 'https://ttraff.me/pify?keyword=grasshopper+facts+sheet', is flagged as a malicious redirector. The document body, though heavily obfuscated, contains text suggesting a lure related to a 'grasshopper facts sheet'. The presence of numerous external PDF links, many pointing to static.usrfiles.com, indicates a potential link farm or SEO manipulation tactic to distribute malicious content. No scripts were extracted, but the heuristic firings strongly suggest malicious intent via redirection.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.me/pify?keyword=grasshopper+facts+sheet
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00007c77.bin 8686a2974ca7d88e3a40400976fc1ff6d6cec2119a778a0bde93807795df007a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7C77 | 5100 bytes |
| font_01_sfnt_off00008dd1.bin 85a5085603aeefd2100a722e5f5a6e5c457e4f1de5b50552c4b99d403adf4d7f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8DD1 | 10536 bytes |