MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'ttraff.com'. The document body, though heavily obfuscated, contains the same URL and references software downloads, suggesting a social engineering lure. The presence of numerous benign-looking PDF links on Shopify, while suspicious in aggregate, does not directly contribute to the maliciousness of this specific file beyond indicating a potential link farm strategy.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.com/pify?keyword=eclipse+neon+4.+6++for+windows
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000649a.bin (8010b6f3874ac7397d55445417a7b14d47d22c53ba264449014b3400f0a8d72f) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x649A | 5260 bytes |
| font_01_sfnt_off000076b6.bin (8c2f004b385c1a1481792131bf1cc749780e80753b955c5e3f78d071c9d5341b) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x76B6 | 10880 bytes |