MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains a large number of embedded links, many pointing to Shopify-hosted PDFs, which is characteristic of SEO poisoning or link farm abuse. One of the primary links, 'https://ttraff.cc/wix?keyword=m103+war+thunder', is flagged as a malicious redirector. This suggests the document's purpose is to direct users to malicious infrastructure, potentially for phishing or malware distribution.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=m103+war+thunder
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://cdn.shopify.com/s/files/1/0431/4526/5312/files/wonigedudulunikuxabadog.pdf
- https://cdn.shopify.com/s/files/1/0434/1222/6206/files/tally_accounting_software_tutorial_download.pdf
- https://cdn.shopify.com/s/files/1/0440/1243/7662/files/9856783623.pdf
- https://cdn.shopify.com/s/files/1/0430/5167/9893/files/54062115723.pdf
- https://cdn.shopify.com/s/files/1/0434/1828/8277/files/37545159782.pdf
- https://cdn.shopify.com/s/files/1/0430/6645/8265/files/expediting_report_definition.pdf
- https://static.usrfiles.com/ugd/b8c837_a13bc0e5fe34492085f4c3059a62117b.pdf
- https://static.usrfiles.com/ugd/b8c837_a68e02830b39473f841d86b02c2a8941.pdf
- https://static.usrfiles.com/ugd/b8c837_252bb4464eba48129b44f48d3fa92da9.pdf
- https://static.usrfiles.com/ugd/b8c837_b108469c8e0340d8b80129a5f301a737.pdf
- https://static.usrfiles.com/ugd/b8c837_d24f5c1e38fc4a3c91b54e5b65764412.pdf
- https://static.usrfiles.com/ugd/b8c837_220ade6815ed48b7aa4d76abad028ef4.pdf
- https://static.usrfiles.com/ugd/b8c837_8aef4bd7450e4bf58fb25e2af207edbf.pdf
- https://static.usrfiles.com/ugd/b8c837_4622dc215d2e4f94b6f89ab7e5d0f771.pdf
- https://static.usrfiles.com/ugd/b8c837_825bd7d1a2074e9fba7e7e164ce6d92f.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007de8.bin1ca40ea9bda949d5173811e372f2140be2980e8e080dd048c8b0108e63968adf |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7DE8 | 5160 bytes |
font_01_sfnt_off00008f7f.bin9a56809590a47e26f27dc4b2c874fa03e572e2a1a1ca3208205045eb2364eabe |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8F7F | 10600 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.