MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains numerous embedded links, with one specifically pointing to a known malicious redirector. The document body, though heavily obfuscated, contains text fragments that appear to be search terms, suggesting a lure for users searching for content. The presence of a link farm heuristic further indicates a malicious intent to redirect users to potentially harmful sites.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=bhai+mera+bhai+song++pagalworld
- https://static.usrfiles.com/ugd/b8c837_1bc86fc5fac14d61b37474c2b72f5a14.pdf
- https://static.usrfiles.com/ugd/b8c837_eed5214769894018ade179f2bcb6e221.pdf
- https://static.usrfiles.com/ugd/b8c837_b5009b7e0648479da9d0f5f178712a56.pdf
- https://static.usrfiles.com/ugd/b8c837_a60104e521124fb1bae5ac2a736543af.pdf
- https://static.usrfiles.com/ugd/b8c837_681d5d5fb3eb4682a5c791d1f1f60db0.pdf
- https://static.usrfiles.com/ugd/b8c837_20c64357416d4a8f8f58299a4935b3b1.pdf
- https://static.usrfiles.com/ugd/b8c837_30d116d5c4464b2aa41efacc73b5b770.pdf
- https://static.usrfiles.com/ugd/b8c837_37cc14b2892646c79dc8fb92c192adb8.pdf
- https://cdn.shopify.com/s/files/1/0450/6284/8664/files/53135601691.pdf
- https://cdn.shopify.com/s/files/1/0433/0982/6213/files/84689770411.pdf
- https://cdn.shopify.com/s/files/1/0434/6360/6422/files/46070691288.pdf
- https://cdn.shopify.com/s/files/1/0432/0775/3888/files/91694988359.pdf
- https://cdn.shopify.com/s/files/1/0436/8039/9513/files/vedenuzogigorevuri.pdf
- https://static.usrfiles.com/ugd/b8c837_fa7970f8d3f5486ba68204eadbf8bc0c.pdf
- https://static.usrfiles.com/ugd/b8c837_ef5e09b7eced42b080408b2561c9aa22.pdf
- https://static.usrfiles.com/ugd/b8c837_9800b51d04f245bdb5d3dc1c43cfac2a.pdf
- https://static.usrfiles.com/ugd/b8c837_1279f4279e6c4c0781e816f778503051.pdf
- https://static.usrfiles.com/ugd/b8c837_04d372d4222e41629291238f91e34fef.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000568a.bin2f9db369babdc4ff1a1d51c113a07af328858e1b1b814414dca9a0eb6fe815af |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x568A | 5652 bytes |
font_01_sfnt_off000069a4.binfa52eb55fd89be902c7864ae923f4db63b4b4078c35e51ccf5bb789ef17d34cd |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x69A4 | 10668 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.