MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains numerous links, masquerading as a datasheet, that redirect to malicious infrastructure. The primary malicious URL identified is ttraff.ru, which is flagged as a redirector. While no scripts were directly extracted, the PDF structure and embedded links suggest an attempt to lead the user to a malicious site, likely for further exploitation or phishing.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=arduino+nano+v3+datasheet+pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://cdn.shopify.com/s/files/1/0435/2330/9727/files/makosarog.pdf
- https://cdn.shopify.com/s/files/1/0438/0708/0605/files/1750563114.pdf
- https://cdn.shopify.com/s/files/1/0428/3272/4124/files/ajax_jquery_tutorial_for_beginners.pdf
- https://cdn.shopify.com/s/files/1/0435/3946/4341/files/zosabidivuketiler.pdf
- https://static.usrfiles.com/ugd/3aca14_39e35f3757114cb9aafc68e6f4caa77d.pdf
- https://static.usrfiles.com/ugd/b13fd1_8ba3d735bb7b448a94e186480ac7f01e.pdf
- https://static.usrfiles.com/ugd/b58d21_c82d3e54f1ad45018c306216ee02d5b7.pdf
- https://static.usrfiles.com/ugd/efb3f0_bd5e086409a8421eb79638967ce79eb0.pdf
- https://static.usrfiles.com/ugd/b91566_691bcf038d55437ab383f2b21829c5f3.pdf
- https://static.usrfiles.com/ugd/f967ac_5be5fc423bdb4b99bc8caed91c67d830.pdf
- https://static.usrfiles.com/ugd/b8c837_893dac0340ab4e1f8b41f172dcd4a74f.pdf
- https://static.usrfiles.com/ugd/384ea4_404006a197ec4bf291302a8084cd6e11.pdf
- https://cdn.shopify.com/s/files/1/0430/9755/5098/files/network_security_courses.pdf
- https://cdn.shopify.com/s/files/1/0433/7565/7121/files/remove_chrome_autofill.pdf
- https://cdn.shopify.com/s/files/1/0432/0778/6654/files/feradosolopazolo.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006cf3.bin11a7210a4132b235aa0eb5f7d1cb0772c25360248b1a8185818383fd7c40f083 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6CF3 | 5308 bytes |
font_01_sfnt_off00007f0a.bin4b69b4cd4bef6be92b005a146bc942404109e1e96fd359e16ec8801265b8ffbd |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7F0A | 10008 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.