Verdict: MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1204.002 Malicious Link
The PDF file exhibits characteristics of a link farm, containing numerous embedded URLs. One prominent URL, 'https://ttraff.com/wb?keyword=santa%20rosa%20petaluma%20rohnert%20park', is flagged as a malicious redirector. The ML classifier also strongly indicated maliciousness. The presence of a large number of external links suggests an attempt to lure users to potentially harmful sites.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.com/wb?keyword=santa%20rosa%20petaluma%20rohnert%20park
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00007227.bin | 15b36f60ad18a98ef580bd68cc91e99d85af43920d34a80739bd15af52393ee0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7227 | 5228 bytes |
| font_01_sfnt_off000083bb.bin | e8ce62ad81b57f8f5a6e4d0d095064d1d4fe21c9c303c93e3381be185849ce52 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x83BB | 10472 bytes |