MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains numerous embedded links, with one specifically identified as a malicious redirector. The document body, though heavily obfuscated, contains the URL 'https://ttraff.cc/wix?keyword=canon+powershot+sx50', suggesting a lure to a potentially malicious site. The presence of a large number of external PDF links further indicates a link farm or SEO manipulation tactic, likely to drive traffic to malicious destinations.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.cc/wix?keyword=canon+powershot+sx50
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000545d.bin b8e2added6c052d330a9acff75d7118f0811cc620acd581d4cb540ebb02d07ed | pdf-font-stream | PDF embedded font (sfnt) at offset 0x545D | 5208 bytes |
| font_01_sfnt_off00006621.bin 509afca6a2433713b9f8daf94cb5ab1d90ae304455a413a52041cf857393e01b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6621 | 14004 bytes |