Verdict: MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1059.001 PowerShell
The PDF contains a link to a known malicious redirector, ttraff.club, which is likely used to obscure the final destination of the malicious payload. The document also contains a large number of links to other PDFs hosted on Shopify, suggesting a link farm or SEO poisoning tactic to improve the ranking of the malicious redirector. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier: malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URLs extracted from the document:
- https://ttraff.club/wix?keyword=eric%2527s+ice+cream+bryan+ohio+menu
- https://cdn.shopify.com/s/files/1/0429/0795/9452/files/kindergarten_science_and_social_stud.pdf
- https://cdn.shopify.com/s/files/1/0437/6225/3975/files/dutagutisuvurod.pdf
- https://cdn.shopify.com/s/files/1/0432/8030/2244/files/anilide_formation_from_aniline.pdf
- https://cdn.shopify.com/s/files/1/0441/3744/7576/files/2986500832.pdf
- https://37e923ed-3bea-4a98-8a68-f172e4890e37.filesusr.com/ugd/ea2f88_8d8beaaac74e46a1b058eb32068b3819.pdf?index=true
- https://009fb769-e698-4f52-a1b6-72453b8dd940.filesusr.com/ugd/dcf9ad_6702b8a053744341a64ca91a67382fe5.pdf?index=true
- https://c79b6311-7e37-4ca1-84f0-2667f938a843.filesusr.com/ugd/4dd980_1ab46a0dc3964f7fb7f3e511273a8b72.pdf?index=true
- https://dad5805c-57db-4cf1-8acd-7420457ce8bf.filesusr.com/ugd/e5d5e5_6091d44f6a734bd8bdb8d4cda25e6782.pdf?index=true
- https://378e3c80-d4b8-4726-aa3a-ccc086466dee.filesusr.com/ugd/008e52_d6896e3bf505461c95b94d1c4a5d5a65.pdf?index=true
- https://81636936-31a4-4549-a421-d1ab25bb4862.filesusr.com/ugd/f35da0_96c443bb4d0c43a7a4f1d908954af3bb.pdf?index=true
- https://b2aafa75-2b90-45f8-ab2f-0a0fd841c520.filesusr.com/ugd/c70c35_7141522c384b4feab2be0a120a510eaa.pdf?index=true
- https://a04f1d48-39e1-4e4a-8fc5-5830eb2eb78f.filesusr.com/ugd/d13e1f_abfb16d247cb4fa6ab015d4235c0c370.pdf?index=true
- https://4bada83e-f28a-4d8c-8e52-cd0a3db0429d.filesusr.com/ugd/5befcb_ea4f11f1ef124183a2353dcfd1b651d2.pdf?index=true
- https://86a864f2-a8e7-4853-b393-4085d2d052e8.filesusr.com/ugd/3e7897_bd7b9839f57c4acc9db103a0e41afdfc.pdf?index=true
- https://cdn.shopify.com/s/files/1/0432/9000/1572/files/xujefulexojaxujebalefiwes.pdf
- https://cdn.shopify.com/s/files/1/0433/8837/1107/files/98127977371.pdf
- https://cdn.shopify.com/s/files/1/0431/7849/2062/files/blepharitis_patient_uk.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00005acc.bin | 67873eb84761504faee1c634dbd1c291922f39621e8f6d20ce9f57188484c992 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5ACC | 5240 bytes |
| font_01_sfnt_off00006c82.bin | b7b8105d86d6d5732e50bf0fa4d486c34a5947a99bbab810211ba702e71187ea | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6C82 | 10288 bytes |