MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.001 Malicious Link
T1059.001 PowerShell
The PDF contains a mass external link farm and a specific link to a redirector, indicating a malicious intent to direct users to harmful content. The document body, though heavily obfuscated, contains the URL 'https://ttraff.me/wix?keyword=mike+slater+voter+guide', which is flagged as a malicious redirector. The presence of numerous PDF links suggests an attempt to manipulate search engine results or distribute further malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.me/wix?keyword=mike+slater+voter+guide
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00009556.bin (d7dee4a9e4e892f4813be2455c2ef9e622416b683a2f692790b640fac80627a3) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9556 | 5124 bytes |
| font_01_sfnt_off0000a6e6.bin (4ed2e8133830c968fd9091a0e5f08934e2a61418200435a969f6f07581806498) | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA6E6 | 10364 bytes |