MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded links, many of which point to a redirector service (ttraff.com). This indicates a link farm or SEO poisoning attack, likely intended to lure users to malicious sites. The ML classifier strongly supports the malicious nature of this PDF.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=writing+with+skill+level+1
- https://static.usrfiles.com/ugd/b8c837_c882a1daaa0040a3a135eded686fe671.pdf
- https://static.usrfiles.com/ugd/b8c837_8bda8bdaa3984470a4fde9f2de22f781.pdf
- https://static.usrfiles.com/ugd/b8c837_1e3aef501f524f8a80b9ce4504d806b5.pdf
- https://static.usrfiles.com/ugd/b8c837_49aec9fce2f141f186f63bb2d1b46d0f.pdf
- https://static.usrfiles.com/ugd/b8c837_378f41b42f414a37bd4cc1379b8527a7.pdf
- https://cdn.shopify.com/s/files/1/0437/8791/1319/files/2142148574.pdf
- https://cdn.shopify.com/s/files/1/0437/6307/3181/files/formalits_greffe_cession_de_parts_sci.pdf
- https://cdn.shopify.com/s/files/1/0436/0772/0094/files/judiropigetopuvejisin.pdf
- https://cdn.shopify.com/s/files/1/0432/8649/5396/files/lekavesafubu.pdf
- https://cdn.shopify.com/s/files/1/0428/9724/4316/files/ubuntu_16._04_repository.pdf
- https://static.usrfiles.com/ugd/b8bbd7_2445e1d5b2d149cdaacaf9e490e074c0.pdf
- https://static.usrfiles.com/ugd/b8c837_d7e4032911c447a1b1c289acb84cc05b.pdf
- https://static.usrfiles.com/ugd/b77b08_66a7326400f5426db8ad2c5a7d24b80b.pdf
- https://static.usrfiles.com/ugd/b8c837_e8ade5e9a72a46d2a013f43be6f77b37.pdf
- https://static.usrfiles.com/ugd/2e79a6_cf86ca49f53541588b1e378cf4017b95.pdf
- https://static.usrfiles.com/ugd/b8c837_86773f71f9834cca8f6697a234a46b54.pdf
- https://static.usrfiles.com/ugd/b8c837_3a63028323c847d08fe0f16678de305c.pdf
- https://static.usrfiles.com/ugd/b8c837_c808b6b09c1e45648afa93b61cb4a8ea.pdf
- https://static.usrfiles.com/ugd/09273f_31b05ef1bf94473882c44a7356cf6a9f.pdf
- https://static.usrfiles.com/ugd/b8c837_38420233c3a5435da5df18a98cd7b2f0.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006d54.bin215d5d42caddcff34e7fff38c28eb2f6c5fd1cca298f5dec5d6bc7be4c3f5e19 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6D54 | 5016 bytes |
font_01_sfnt_off00007e89.bin1895794464b78d0ec775ed51f6a6230d666194e057179fe4db75d139178fe5db |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7E89 | 10212 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.