Verdict: MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.001 Malicious Link
The PDF was flagged by multiple critical heuristics: it links to a known malicious redirector and it carries a link farm of external PDF URLs. The ML classifier also scored it as malicious. The document body, though heavily obfuscated, contains a URL that matches one of the identified malicious links, which suggests a lure to a potentially harmful site. The large number of external links points to the file being a delivery mechanism for further malicious or unwanted content, rather than a document that exploits the PDF reader itself.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF_MALICIOUS_REDIRECTOR_LINK (critical): PDF links to known malicious redirector infrastructure. The PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- PDF_SEO_LINK_FARM (critical): Small PDF contains mass external PDF link farm. The small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- EMBEDDED_URL (info): Embedded URL. One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URLs extracted:
- https://ttraff.link/wix?keyword=vaporesso+attitude+mod+manual
- http://wonifi.garritylpc.net/uploads/1/3/1/3/131379803/nekegigibi_kavovesatamo.pdf
- http://files.integritypump.com/uploads/1/3/0/9/130969728/sedurebozuku.pdf
- http://files.deenacormierphotography.com/uploads/1/3/0/7/130776393/97fb0392.pdf
- http://sazat.innerworkingsofmymind.com/uploads/1/3/1/4/131408371/8837780.pdf
- http://files.cliftonag.com/uploads/1/3/2/6/132696030/pojavemodoz.pdf
- http://files.gratefulfredsukeleardeterrent.co.uk/uploads/1/3/0/7/130776728/kagukol.pdf
- http://letujibum.fueliachemicals.com/uploads/1/3/0/9/130969186/801be3deaa9c7d.pdf
- https://99ddea45-e1eb-4e8c-83fd-8531753dbb14.filesusr.com/ugd/957eb4_48518a4891f54b1aa0e119d2d8c26b7c.pdf?index=true
- https://c5d3dc97-1191-4229-8363-eb4cdc1fee5c.filesusr.com/ugd/dc6899_59875b29af914628be6df21b45b61b45.pdf?index=true
- https://cc62c65f-6c18-467c-a0e3-c2b2fd469110.filesusr.com/ugd/105a8c_765f78d44ddd402281343ae827bcf219.pdf?index=true
- https://57df78e4-9223-402a-9fd4-f1d6672f1dad.filesusr.com/ugd/cbdbb6_03cfc7775c9e4e3e930e7a8e42a8dc0d.pdf?index=true
- https://fcfa9dd9-0c7d-4df0-9c39-4ddd71debd6e.filesusr.com/ugd/d3758e_b27f36ac9ef64137aa3ba2e93005fbea.pdf?index=true
- https://cdn.shopify.com/s/files/1/0433/5176/9256/files/manfaat_innisfree_sheet_mask_ginseng.pdf
- https://cdn.shopify.com/s/files/1/0432/6827/6384/files/sausage_party_for_free_online.pdf
- https://cdn.shopify.com/s/files/1/0434/3224/7457/files/oasis_water_coolers_parts.pdf
The remaining six entries are XMP/RDF metadata namespace URIs from the document's info dictionary, not clickable links, and are expected in any PDF produced with standard tooling:
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
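To show how the two critical heuristics above can be reproduced, here is an added example that is not the analyzer's own code. It carves /URI link-annotation targets out of raw PDF bytes, flags any link whose registered domain is on a redirector list, and applies a small-file link-farm test (many external .pdf links clustered on one registered domain). The thresholds, the helper names, the crude registered-domain logic and the build_pdf sample generator are all assumptions of this example; the URLs fed in are the indicators listed in this report, with ttraff.link treated as the known redirector host.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Matches the literal string argument of a /URI action. In "/S /URI /URI (...)"
# only the second /URI matches, because the first is followed by "/" not "(".
# Assumption: literal (not hex) strings and objects that are not inside
# compressed object streams; inflate streams or use pypdf/pdfminer on real samples.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)


def unescape_pdf_string(raw: bytes) -> str:
    """Undo the \\( \\) \\\\ escapes used inside a PDF literal string."""
    return re.sub(rb"\\([()\\])", rb"\1", raw).decode("latin-1")


def extract_uris(pdf: bytes) -> list[str]:
    """Return every /URI target found in the raw PDF bytes, in file order."""
    return [unescape_pdf_string(m) for m in URI_RE.findall(pdf)]


def registered_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels). Hypothetical simplification: it misfires
    on multi-part suffixes such as .co.uk, where a public-suffix list is needed."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify(pdf: bytes, known_redirectors: set[str], *, max_size: int = 250_000,
             min_pdf_links: int = 8, cluster_ratio: float = 0.5) -> dict:
    """Apply the two report heuristics. Thresholds are hypothetical defaults."""
    uris = extract_uris(pdf)
    hits = []
    redirector_uris = [u for u in uris
                       if registered_domain(urlparse(u).hostname or "") in known_redirectors]
    if redirector_uris:
        hits.append("PDF_MALICIOUS_REDIRECTOR_LINK")
    external_pdf = [u for u in uris
                    if urlparse(u).scheme in ("http", "https")
                    and urlparse(u).path.lower().endswith(".pdf")]
    domains = Counter(registered_domain(urlparse(u).hostname or "") for u in external_pdf)
    top_domain, top_count = (domains.most_common(1)[0] if domains else (None, 0))
    if (len(pdf) <= max_size and len(external_pdf) >= min_pdf_links
            and top_count / len(external_pdf) >= cluster_ratio):
        hits.append("PDF_SEO_LINK_FARM")
    return {"uris": uris, "redirector_uris": redirector_uris,
            "external_pdf_links": len(external_pdf), "top_domain": top_domain,
            "heuristics": hits}


def build_pdf(urls: list[str]) -> bytes:
    """Constructed sample: a minimal one-page PDF with one /Link annotation per URL."""
    def esc(s: str) -> str:
        return s.replace("\\", "\\\\").replace("(", "\\(").replace(")", "\\)")
    objs = [(1, "<< /Type /Catalog /Pages 2 0 R >>"),
            (2, "<< /Type /Pages /Kids [3 0 R] /Count 1 >>")]
    annots = " ".join(f"{4 + i} 0 R" for i in range(len(urls)))
    objs.append((3, f"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] /Annots [{annots}] >>"))
    for i, u in enumerate(urls):
        objs.append((4 + i, f"<< /Type /Annot /Subtype /Link /Rect [0 {10*i} 100 {10*i+10}] "
                            f"/A << /S /URI /URI ({esc(u)}) >> >>"))
    out = bytearray(b"%PDF-1.4\n")
    offsets = {}
    for n, body in objs:
        offsets[n] = len(out)
        out += f"{n} 0 obj\n{body}\nendobj\n".encode("latin-1")
    xref = len(out)
    out += f"xref\n0 {len(objs) + 1}\n0000000000 65535 f \n".encode("latin-1")
    for n in range(1, len(objs) + 1):
        out += f"{offsets[n]:010d} 00000 n \n".encode("latin-1")
    out += (f"trailer\n<< /Size {len(objs) + 1} /Root 1 0 R >>\n"
            f"startxref\n{xref}\n%%EOF\n").encode("latin-1")
    return bytes(out)


# Indicators taken from the report above: the redirector plus eight farm links.
SAMPLE_URLS = [
    "https://ttraff.link/wix?keyword=vaporesso+attitude+mod+manual",
    "https://99ddea45-e1eb-4e8c-83fd-8531753dbb14.filesusr.com/ugd/957eb4_48518a4891f54b1aa0e119d2d8c26b7c.pdf?index=true",
    "https://c5d3dc97-1191-4229-8363-eb4cdc1fee5c.filesusr.com/ugd/dc6899_59875b29af914628be6df21b45b61b45.pdf?index=true",
    "https://cc62c65f-6c18-467c-a0e3-c2b2fd469110.filesusr.com/ugd/105a8c_765f78d44ddd402281343ae827bcf219.pdf?index=true",
    "https://57df78e4-9223-402a-9fd4-f1d6672f1dad.filesusr.com/ugd/cbdbb6_03cfc7775c9e4e3e930e7a8e42a8dc0d.pdf?index=true",
    "https://fcfa9dd9-0c7d-4df0-9c39-4ddd71debd6e.filesusr.com/ugd/d3758e_b27f36ac9ef64137aa3ba2e93005fbea.pdf?index=true",
    "https://cdn.shopify.com/s/files/1/0433/5176/9256/files/manfaat_innisfree_sheet_mask_ginseng.pdf",
    "https://cdn.shopify.com/s/files/1/0432/6827/6384/files/sausage_party_for_free_online.pdf",
    "https://cdn.shopify.com/s/files/1/0434/3224/7457/files/oasis_water_coolers_parts.pdf",
]
KNOWN_REDIRECTORS = {"ttraff.link"}

if __name__ == "__main__":
    print(classify(build_pdf(SAMPLE_URLS), KNOWN_REDIRECTORS))
```

Against the constructed sample both critical heuristics fire, while a PDF with a single non-.pdf link to w3.org triggers neither. Two caveats before running this on real samples: most generated carriers store their annotation objects in FlateDecode'd object streams, so the regex only sees them after decompression or after a real parser (pypdf, pdfminer) has resolved the /Annots array; and legitimate reference documents can also carry dozens of links, so the size, count and clustering thresholds should be tuned against a benign corpus rather than taken from this example.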
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00008427.bin | fa8f86b9db80dfc0133beaab2b50b8091d26e3f6fe2ed12bd68e334651b47c39 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8427 | 5068 bytes |
| font_01_sfnt_off0000954c.bin | 462b507db5981e48f6c63ed538042b12c4865380c2a5e253c928cb30991da279 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x954C | 9932 bytes |