Verdict: MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was flagged by multiple critical heuristics for containing malicious redirector links and a large number of external links, indicating a link farm. The primary malicious URL identified is https://ttraff.cc/wix?keyword=mods+compatible+with+enderal. The ML classifier also strongly indicated maliciousness. The document body contains garbled text but does include the malicious URL and other benign-looking PDF filenames, suggesting a lure to disguise the malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs:
- https://ttraff.cc/wix?keyword=mods+compatible+with+enderal
- https://static.usrfiles.com/ugd/b8c837_1f916a37441c4147a6c9d3dcfe085ef7.pdf
- https://static.usrfiles.com/ugd/b8c837_209706d215504ab29609f49a4b032d6d.pdf
- https://static.usrfiles.com/ugd/badafb_7b3a2d56ce0146d8be0250d2473261ea.pdf
- https://static.usrfiles.com/ugd/850f07_5108242946454c6ba7baf6783549e93d.pdf
- https://static.usrfiles.com/ugd/ae15ca_d7123bd22f144f43abefa387be7193c1.pdf
- https://cdn.shopify.com/s/files/1/0435/9513/7187/files/naruto_leaves_konoha_to_start_a_family_fanfiction.pdf
- https://cdn.shopify.com/s/files/1/0430/8143/3242/files/42720534169.pdf
- https://cdn.shopify.com/s/files/1/0433/7316/6757/files/keroxosadurem.pdf
- https://cdn.shopify.com/s/files/1/0430/8343/2096/files/70901042963.pdf
- https://cdn.shopify.com/s/files/1/0430/0151/2090/files/98558546864.pdf
- https://static.usrfiles.com/ugd/e8506d_a6aabe1dd68b4f93a57a9fd3fa58576d.pdf
- https://static.usrfiles.com/ugd/1849a1_5ef6223addce48e89ba597b458ec50e9.pdf
- https://static.usrfiles.com/ugd/ea2f88_a3c6f3060b824c4a8366f8edb67d50f1.pdf
- https://cdn.shopify.com/s/files/1/0433/4452/7511/files/94229120709.pdf
- https://cdn.shopify.com/s/files/1/0428/9275/5111/files/28782719280.pdf
- https://cdn.shopify.com/s/files/1/0430/1009/7313/files/bomizesilova.pdf
- https://cdn.shopify.com/s/files/1/0440/9769/9992/files/snow_on_tha_bluff_2.pdf
- https://cdn.shopify.com/s/files/1/0433/8434/0630/files/72511904436.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off000056e7.bin | 02b3033008f95c9e7e942aa39a626aebb6d92ce8d0a2e03327f777b236a46a91 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x56E7 | 5548 bytes |
| font_01_sfnt_off000069b1.bin | 41dac6f266340806cbc845d19cceb6a305de58977766fe1e7b45dfb105b2ca01 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x69B1 | 9980 bytes |