MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a significant number of embedded links, with a critical heuristic identifying a link to a known malicious redirector. The document body, though heavily obfuscated, contains references to 'sims 3 bait' and multiple URLs, reinforcing the lure. The ML classifier strongly indicates maliciousness. The primary attack vector appears to be a link farm designed to redirect users to malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.link/wix?keyword=sims+3+bait
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000076e0.bin (f69a2b082c38c84de170fbef80e9faa5eef87fc8851e66341861d9158dc7593c) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x76E0 | 4564 bytes |
| font_01_sfnt_off0000863e.bin (876a5feddda8b09def0509f5a047d9f40e85522ddcee746c40494c93c585747c) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x863E | 10104 bytes |
| font_02_sfnt_off0000a8da.bin (9f355172d696dda274cac500966718f112ce76951f19577ac4888987ea6471b2) | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA8DA | 4324 bytes |