MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.002 Malicious Link
The PDF file contains a deceptive document body referencing "Workday app for pc" and embeds numerous links. One of these links, https://ttraff.link/wix?keyword=workday+app+for+pc, is identified as a malicious redirector. The PDF_MALICIOUS_REDIRECTOR_LINK heuristic confirms this, and the ML_NYX_PDF_MALICIOUS score is extremely high. The PDF_SEO_LINK_FARM heuristic indicates a large number of embedded links, likely to obscure the malicious destination. The primary attack vector is social engineering through a deceptive link.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/wix?keyword=workday+app+for+pc
- https://cdn.shopify.com/s/files/1/0451/7157/2885/files/apnea_of_prematurity.pdf
- https://cdn.shopify.com/s/files/1/0461/6113/3720/files/5749917827.pdf
- https://cdn.shopify.com/s/files/1/0432/6300/0734/files/chiari_malformation_type_1_mri_images.pdf
- https://cdn.shopify.com/s/files/1/0433/5671/7224/files/normas_da_abnt_para_referencias_bibliograficas.pdf
- https://cdn.shopify.com/s/files/1/0427/7737/8972/files/75605281132.pdf
- https://cdn.shopify.com/s/files/1/0430/6858/8194/files/86437908249.pdf
- https://cdn.shopify.com/s/files/1/0436/1604/3168/files/creational_patterns.pdf
- https://cdn.shopify.com/s/files/1/0434/0737/6546/files/12788507953.pdf
- https://cdn.shopify.com/s/files/1/0446/3457/0915/files/android_based_attendance_system.pdf
- https://cdn.shopify.com/s/files/1/0428/2561/3475/files/kapexalenafet.pdf
- https://static.usrfiles.com/ugd/5f4192_ad7e3a3de44e4018b398235f93dcdf28.pdf
- https://static.usrfiles.com/ugd/9d7ad9_c12c17d6831247b7b78250bf017c92d1.pdf
- https://static.usrfiles.com/ugd/e2c6c1_0f2fcd6916cb4d85a61d56b392d725d8.pdf
- https://cdn.shopify.com/s/files/1/0446/9476/5724/files/80908050690.pdf
- https://cdn.shopify.com/s/files/1/0437/2113/0152/files/bharti_axa_life_annual_report.pdf
- https://cdn.shopify.com/s/files/1/0432/8679/0304/files/luxusoxaxulosifikavipor.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007d16.bin271f7d5f97eee4b71b00ed172702c2a83fd3480805f6a3964ecfaa9ba86feac6 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7D16 | 5120 bytes |
font_01_sfnt_off00008ead.bin5ec2a4b79033807a917c701e3d0c80bd501d21e3b06b21f024a91390a687cb61 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8EAD | 10444 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.