MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'ttraff.com', which is used in conjunction with a lure for 'dermeva anti-wrinkle serum reviews'. The ML classifier also strongly flagged this PDF as malicious. The presence of numerous embedded links, many pointing to external PDF files, suggests a link farm or SEO spamming technique to distribute malicious content. The primary malicious IOC is the redirector URL.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=dermeva+anti-wrinkle+serum+reviews
- https://b15c6026-e9c5-47d4-ad3f-0149d6430129.filesusr.com/ugd/8a5fcf_718c30ad0a0f446e9d1b57d2e2e80570.pdf?index=true
- https://5ea0cf8d-fc9c-4ab8-a5d1-9d287b306120.filesusr.com/ugd/754d94_5f56b783bd2c41cf85fd2e569f693105.pdf?index=true
- https://4dff27e3-ac81-4031-a466-e0951177fc6a.filesusr.com/ugd/a18aa6_65b43e4a548f47319e7fad8f417d7925.pdf?index=true
- https://545c62e4-4ca5-47dc-bd29-03bd3b922b1e.filesusr.com/ugd/4ae4db_f8b790668e0a47478b5e984046a31db1.pdf?index=true
- https://cc7932b2-0e31-45bf-a9d2-64a845fb3eee.filesusr.com/ugd/8acad3_6f1eadbf8e7945fd91aba4c942ad0b2c.pdf?index=true
- https://cdn.shopify.com/s/files/1/0434/2982/2625/files/water_flower_wallpaper_for_android.pdf
- https://cdn.shopify.com/s/files/1/0434/3519/6566/files/1334458490.pdf
- https://cdn.shopify.com/s/files/1/0479/3863/3895/files/95751579647.pdf
- https://cdn.shopify.com/s/files/1/0439/4529/6027/files/18540481299.pdf
- https://cdn.shopify.com/s/files/1/0438/9843/7784/files/texukarefipixinix.pdf
- https://cdn.shopify.com/s/files/1/0484/8192/7318/files/45680361359.pdf
- https://cdn.shopify.com/s/files/1/0428/4314/4355/files/poetry_terms.pdf
- https://cdn.shopify.com/s/files/1/0479/3597/9676/files/gebisukajilofuboledifu.pdf
- https://e869614b-5dc5-4c3b-95a2-db77a3b1a6c5.filesusr.com/ugd/43d598_3c38a64a57a746078f42aae061633e7d.pdf?index=true
- https://7009b127-e252-4516-81eb-47485dfe9b05.filesusr.com/ugd/e6e573_8548bf045b264399bb12918ab56f4ff4.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000fe3d.binaeeed1ced8e68d5e222b0bbfa26bb94b9fb96849973173ef227e83ad1a053673 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFE3D | 5076 bytes |
font_01_sfnt_off00010f8c.binaf10ce602052726b8e2a6f4a231590be51a1a4f05af6048e8ea492f65d2d56a9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10F8C | 14808 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.