MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link, which is also present in the document body. This indicates a phishing attempt to redirect users to malicious infrastructure. The presence of numerous other PDF links, many hosted on Shopify, suggests a link farm or SEO poisoning tactic to improve search engine visibility for malicious content. No scripts were extracted, limiting the analysis of further payload delivery.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wb?keyword=kalendarz%20liturgiczny%202019%20pdf%20katowice
- http://files.wakefieldperformingarts.com/uploads/1/3/1/4/131437423/b65388ebed.pdf
- http://files.backyardheavens.com/uploads/1/3/2/8/132816106/ridiloviv.pdf
- http://files.rockymtnblueticks.com/uploads/1/3/0/9/130969313/pamugup-wonafiga.pdf
- http://files.katsmodernizedhomedecor.com/uploads/1/3/1/4/131453484/sonumiwikibebazekubu.pdf
- http://files.rockymtnblueticks.com/uploads/1/3/0/9/130969313/pamugup-wo
- https://cdn.shopify.com/s/files/1/0431/0227/3697/files/jemuwoxijifivefudax.pdf
- https://cdn.shopify.com/s/files/1/0428/0313/4627/files/39005839944.pdf
- https://cdn.shopify.com/s/files/1/0429/8381/7375/files/34389509743.pdf
- https://cdn.shopify.com/s/files/1/0432/8102/3140/files/nilotelulupakasejo.pdf
- https://cdn.shopify.com/s/files/1/0430/0632/8995/files/38907248690.pdf
- https://cdn.shopify.com/s/files/1/0429/7719/8229/files/77518955657.pdf
- https://cdn.shopify.com/s/files/1/0430/6563/9069/files/4841046446.pdf
- https://cdn.shopify.com/s/files/1/0434/3165/7624/files/68613009886.pdf
- https://cdn.shopify.com/s/files/1/0435/9480/9512/files/how_to_mod_ps3.pdf
- https://cdn.shopify.com/s/files/1/0431/4379/0760/files/47675297771.pdf
- https://cdn.shopify.com/s/files/1/0436/5022/0185/files/vejoraluvuravonuto.pdf
- https://cdn.shopify.com/s/files/1/0431/5522/6773/files/piano_music_theory.pdf
- https://cdn.shopify.com/s/files/1/0434/3532/7653/files/mogudiz.pdf
- https://cdn.shopify.com/s/files/1/0433/8135/8759/files/26500322270.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ab27.bin1dc82c178240d0899889260f9dee515d3f70e60b77c792b5043e47e8ad51b9cf |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xAB27 | 5452 bytes |
font_01_sfnt_off0000be29.bine196d2b7440d7186372100dcd45009a52ddded392c6819dd61f5685983f39e5b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xBE29 | 5904 bytes |
font_02_sfnt_off0000d278.binfff4deb5213e4b3ecfa6c01d30c19d4979450dca6c7c34bd2262d1ace306f811 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD278 | 11360 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.