MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'ttraff.ru'. Additionally, it exhibits characteristics of a PDF link farm, with numerous embedded URLs, one of which is 'c3a8677c-34c3-469e-8dcd-d0a53963b3f0.filesusr.com/ugd/bc0b97_3485d3a168e24fc39468b8aa137b4adb.pdf?index=true'. The ML classifier also strongly flagged this PDF as malicious. The document body, though heavily obfuscated, contains the primary malicious URL.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL: https://ttraff.ru/wix?keyword=the+gingerbread+man+book+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000522d.bin 37a54ac1cbe6924f5efb93e5fc52f5e5562b941f6778b7ecfac487bb167cbf1c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x522D | 5400 bytes |
| font_01_sfnt_off0000645e.bin bf8b02a9ee1b8d5708fed6976e7ca5a6a9599cf5d36c05b8d8732ea0568678ee | pdf-font-stream | PDF embedded font (sfnt) at offset 0x645E | 10116 bytes |