MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was flagged by multiple critical heuristics for containing a malicious redirector link and a large number of embedded links, indicative of an SEO link farm. The primary malicious URL identified is https://ttraff.me/wix?keyword=julcan+de+mexico+sa+de+cv. While the document body contains garbled text, the presence of numerous links suggests a deceptive or manipulative purpose, likely to lure users to malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=julcan+de+mexico+sa+de+cv
- https://static.usrfiles.com/ugd/2b25b5_2d46553957c648f9a6ae9306b9d09c68.pdf
- https://static.usrfiles.com/ugd/b48b60_06a0ffbabb38423487708e114f7f3855.pdf
- https://static.usrfiles.com/ugd/3826db_32abaf48ded64466937297ddc5201b04.pdf
- https://static.usrfiles.com/ugd/b8c837_de1340f1607743f594209bed08f197e5.pdf
- https://static.usrfiles.com/ugd/b8c837_951a8be07acc42fcb0759543a8036017.pdf
- https://static.usrfiles.com/ugd/76de1a_ba9bd7b4829944239f52c601fdfde5c9.pdf
- https://static.usrfiles.com/ugd/6846fe_5bf5ccf1af7449728e09f30c7fc97ba4.pdf
- https://static.usrfiles.com/ugd/b8c837_8fbd7408486747099e70b2d12ebee26c.pdf
- https://static.usrfiles.com/ugd/b8c837_36ab2292abc746c7bd03bf81886881ef.pdf
- https://static.usrfiles.com/ugd/43d598_cbc4529b64394c84bd501cf95ea207fc.pdf
- https://static.usrfiles.com/ugd/565485_2bc6447929954eb59c86886e30723ab5.pdf
- https://static.usrfiles.com/ugd/3826db_3a01256899424b6c8bd856a77cf6afb4.pdf
- https://static.usrfiles.com/ugd/bb13a2_ddd52fd59ed84d28a18c877905637578.pdf
- https://static.usrfiles.com/ugd/b8c837_af2cee9a670f4813b69f73cfc40e8136.pdf
- https://static.usrfiles.com/ugd/b8c837_6d364c43a68e4f07b13599ffe54ea286.pdf
- https://static.usrfiles.com/ugd/b8c837_9d879c01657647f4bca53c28aa17a044.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006a8a.bin07ea246f58968774083337b0df87069a953e25afca40b48679fa0e6badbe2311 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6A8A | 5108 bytes |
font_01_sfnt_off00007bdb.bine5700ba540ee3aecc37d398bf1899e570f2f152f237e2ebaece3374f3d617918 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7BDB | 11648 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.