MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.cc/pify?keyword=program+directv+remote+to+vizio'. Additionally, it exhibits characteristics of a PDF link farm, with numerous embedded links, including one to 'https://cdn.shopify.com/s/files/1/0432/5769/2315/files/pisukerizetipijameli.pdf'. The document body, though heavily obfuscated, contains fragments that appear to be related to the link's keyword, suggesting a lure for the user to click the malicious link.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=program+directv+remote+to+vizio
- http://files.wlcbands.com/uploads/1/3/1/6/131607712/2769e0d94.pdf
- http://files.stefanomitrione.org/uploads/1/3/1/4/131438299/xixozikelata.pdf
- http://files.kegarland.com/uploads/1/3/1/4/131438193/nebiru.pdf
- http://files.nooracademyonline.com/uploads/1/3/2/6/132681390/8141325f7274f6f.pdf
- https://cdn.shopify.com/s/files/1/0432/5769/2315/files/pisukerizetipijameli.pdf
- https://cdn.shopify.com/s/files/1/0430/1278/4277/files/79617944993.pdf
- https://cdn.shopify.com/s/files/1/0428/9072/3487/files/52610633412.pdf
- https://cdn.shopify.com/s/files/1/0431/1931/3053/files/java_break_statement.pdf
- https://cdn.shopify.com/s/files/1/0438/3621/1357/files/fibuvinamuvexiwu.pdf
- https://cdn.shopify.com/s/files/1/0429/9603/9839/files/xujerusevixivewulisipit.pdf
- https://cdn.shopify.com/s/files/1/0430/3421/4561/files/52318868845.pdf
- https://cdn.shopify.com/s/files/1/0433/0081/4998/files/taxukitimit.pdf
- https://cdn.shopify.com/s/files/1/0434/5279/2982/files/sulenagamaz.pdf
- https://cdn.shopify.com/s/files/1/0434/5528/3350/files/23718843432.pdf
- https://cdn.shopify.com/s/files/1/0431/0558/3266/files/73703546833.pdf
- https://cdn.shopify.com/s/files/1/0430/8549/6482/files/5216985828.pdf
- https://cdn.shopify.com/s/files/1/0430/8818/3456/files/12174077827.pdf
- https://cdn.shopify.com/s/files/1/0429/3741/7887/files/61730525759.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000656d.bin6fa36430b925c8f52bc9dc9ff9d9ed1de80786629f10bb7c0223b09d39793188 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x656D | 5160 bytes |
font_01_sfnt_off000076f0.bin4413417a2e1d84746d18c9c63107466ea392c319d3fa8aed2c807395bcb4f91d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x76F0 | 9852 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.