MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1204.002 Malicious Link
The PDF file was flagged by multiple critical heuristics for containing malicious redirector links and a link farm. The primary malicious URL identified is ttraff.club, which is used in conjunction with a seemingly benign document title to lure users. The ML classifier also strongly indicated maliciousness. The document body contains obfuscated text and a URL, further supporting the malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL
- https://ttraff.club/wix?keyword=study+guide+for+pharmacology+for+nurses+a+pathophysiologic+approach
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000048db.bin 212f487fe42f05358af1950bc9946648d588edfd9ef41f8005b72b01da7a62c4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x48DB | 5776 bytes |
| font_01_sfnt_off00005c61.bin f22c511488962d7dbb4d75f3b622729904b248fa63826d0d5e920d3f913d20af | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5C61 | 9848 bytes |