MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a heuristic firing for a malicious redirector link, specifically pointing to 'https://ttraff.com/wix?keyword=my+singing+monsters+composer+island'. This indicates an attempt to redirect the user to a malicious site. The document body, though heavily obfuscated, also contains this URL, reinforcing the malicious intent. The presence of numerous external PDF links, many hosted on static.usrfiles.com, suggests a link farm or redirection strategy. The ML classifier also strongly flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.com/wix?keyword=my+singing+monsters+composer+island
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00007bb3.bin 31f3d30903c5d31d2c1c44daac7574be9d581bd45bfbf56459ccec90d7f57133 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7BB3 | 5500 bytes |
| font_01_sfnt_off00008e5c.bin c05d7be8a71384bf5babfea0ccee4837be05ddc8a4fa8f9899dc91e51000b54e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8E5C | 10820 bytes |
| font_02_sfnt_off0000b283.bin e3ec6ef259aa76b10ef5273df3c13a7bfb97705edf55ac456de8dedd9d03da4e | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB283 | 16112 bytes |