MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains multiple embedded links, with one identified as a malicious redirector. The document body, though heavily obfuscated, contains text that appears to be a lure related to 'Super Mario Bros.' and the malicious URL. The presence of a link farm suggests an attempt to distribute malicious content or engage in SEO poisoning. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=super+flash+mario+bros.+action
- http://ridajo.otterbourneparishcouncil.org/uploads/1/3/1/8/131856590/7058241.pdf
- http://files.bluestone406.net/uploads/1/3/0/8/130814397/raridina_vidigurum_nawoxur_roteruxosalega.pdf
- https://c6d6e2a8-d382-4782-80d2-5fac6f8d9af0.filesusr.com/ugd/8acad3_69e22543770440c4b8115841ad330b03.pdf?index=true
- https://86d1bf27-e9fc-4f6e-af66-c9f15f67a591.filesusr.com/ugd/460efe_d3b760bb66bd44d7a72c156e1b551c8c.pdf?index=true
- https://8b49de70-13cc-441d-ad6a-d8197dca1703.filesusr.com/ugd/7dd30d_2f148755076a4314828aa09062e47676.pdf?index=true
- https://16812362-1d96-4e1f-bcd4-97659c76cebe.filesusr.com/ugd/f99735_e362cc2275774830b7bd9bb8a2d6e6f1.pdf?index=true
- https://cdn.shopify.com/s/files/1/0439/1885/2264/files/seluwiwimute.pdf
- https://cdn.shopify.com/s/files/1/0431/3353/4357/files/zosaxebazot.pdf
- https://b5ef0745-38fa-4457-8ca0-4bf20bc64d46.filesusr.com/ugd/f1780b_a14b390182414794864ca9671e0b44c6.pdf?index=true
- https://23c6e5a5-d0da-4185-b800-a59825db5807.filesusr.com/ugd/565485_2daa4fe856104bf0b50fad835ebfcf5c.pdf?index=true
- https://5606ee79-221a-412b-a8b0-8ad153bacc0f.filesusr.com/ugd/9ea9b6_5f6d5b83e3ed4f3aafa430e1b2745ee5.pdf?index=true
- https://439b7e0c-4a0c-4a6b-9a90-bb14718fec15.filesusr.com/ugd/7603ae_7968e256c2ba40eab2bcef4a631857d2.pdf?index=true
- https://40506327-5c04-473b-837d-7847d07e02ab.filesusr.com/ugd/1b6cec_b37aa81016a249ef9c1bcc87ae2eb8a6.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000653a.bind2b7863972165db13ec8354c3c0dd6f27af34ca351b2af14e38c4fa1e02d777d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x653A | 5528 bytes |
font_01_sfnt_off000077db.binc195e30a329867108511e98bd58030457393bded779fd039ff2b1301bf0186df |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x77DB | 10348 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.