Malware Insights
The PDF file contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.ru/wix?keyword=cuantificaci%25C3%25B3n+de+adn+gen%25C3%25B3mico+por+nanodrop'. This URL is likely part of a phishing or scam campaign, attempting to lure users with a seemingly relevant search result. The document body, though heavily corrupted, contains fragments of the same URL and metadata indicating it was generated by wkhtmltopdf, a tool often used to create malicious PDFs. The presence of numerous other links, many pointing to Shopify, suggests a link farm or SEO poisoning tactic to obscure the malicious destination.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=cuantificaci%25C3%25B3n+de+adn+gen%25C3%25B3mico+por+nanodrop
- https://cdn.shopify.com/s/files/1/0429/0641/9367/files/ielts_academic_writing_task_2_examples.pdf
- https://cdn.shopify.com/s/files/1/0430/7743/5556/files/25412045719.pdf
- https://cdn.shopify.com/s/files/1/0432/3111/7467/files/24484342046.pdf
- https://cdn.shopify.com/s/files/1/0429/7441/2949/files/86696366252.pdf
- https://static.usrfiles.com/ugd/0047a4_683ea67bfcbe4a27a5e8807194d8390f.pdf
- https://static.usrfiles.com/ugd/cdb50c_9bfa6183fb1549608b577bb88bd16f52.pdf
- https://static.usrfiles.com/ugd/49be48_80addb10393e4008a47b30c629f526d9.pdf
- https://cdn.shopify.com/s/files/1/0447/9811/6006/files/wallpaper_city_guide_berlin_app.pdf
- https://cdn.shopify.com/s/files/1/0431/2806/2109/files/duwemot.pdf
- https://cdn.shopify.com/s/files/1/0430/0419/9075/files/lagu_bungong_jeumpa_berasal_dari_aceh.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/42386580717.pdf
- https://cdn.shopify.com/s/files/1/0432/3350/9534/files/2013_ford_fusion_manual.pdf
- https://cdn.shopify.com/s/files/1/0428/1283/3959/files/belisizir.pdf
- https://cdn.shopify.com/s/files/1/0431/0948/2658/files/10618898681.pdf
- https://cdn.shopify.com/s/files/1/0431/4107/1016/files/xuxoluf.pdf
- https://cdn.shopify.com/s/files/1/0437/7555/7793/files/midevijemekulakonuz.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000725d.bine6a070d69ddaa9420c95264fb3401b2244250a75a3fbf449145b04301aee01a1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x725D | 5308 bytes |
font_01_sfnt_off00008414.bin28c4c2e385999f41a46e741e95e04a7fb1362bb8e2f253f4cf3142f82a47a8c6 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8414 | 11696 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.