Verdict: MALICIOUS (Risk Score 162)
Malware Insights
MITRE ATT&CK: T1566.001 Spearphishing Attachment
The PDF contains a link to a known malicious redirector, ttraff.com, which lures users with search-engine-optimised keywords such as 'birds of prey full movie free download'. The PDF also carries a mass external PDF link farm, a spam / SEO-abuse tactic rather than a normal citation pattern. The ML classifier strongly flagged the PDF as malicious. Note that the verdict rests on the link and redirect chain, which needs user interaction; no PDF parser vulnerability was identified.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (5)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): the PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than on a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): a small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): the document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.). Low-signal on its own unless other findings point to a malicious workflow.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): the same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): one or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Every URL below was found in PDF document text:
  - https://ttraff.com/wix?keyword=birds+of+prey+full+movie+free+download+in+tamil
  - http://www.ascendercorp.com/
  - http://www.ascendercorp.com/typedesigners.html
  - https://cdn.shopify.com/s/files/1/0481/2351/0935/files/marvel_strike_force_apk_download.pdf
  - https://cdn.shopify.com/s/files/1/0435/8638/8136/files/49508798148.pdf
  - https://cdn.shopify.com/s/files/1/0439/4260/9051/files/minecraft_pocket_edition_1.0.0_downl.pdf
  - https://cdn.shopify.com/s/files/1/0484/3841/1422/files/tanapovagefemezaremuz.pdf
  - https://cdn.shopify.com/s/files/1/0477/9782/9791/files/81082448206.pdf
  - https://eb725abb-63a4-49eb-9133-06a5c1dc35fb.filesusr.com/ugd/10a4aa_6cbe00f2501d4b9b86bd2da569413b9e.pdf?index=true
  - https://4d3a07bd-3c16-430f-ab23-67734776f6cf.filesusr.com/ugd/dba42a_1fa221727b474724af136699f165a646.pdf?index=true
  - https://1b880c0e-d67b-4e18-9b81-cd68d1fa1dd5.filesusr.com/ugd/4fea5c_c523446cf8bc4e3bb82e38ab27cffcbe.pdf?index=true
  - https://1b429c51-0865-4f94-9f5a-1ecdbf3c238b.filesusr.com/ugd/1b6cec_5cd672d979a34b41b7c912e083130ca9.pdf?index=true
  - https://419600ef-7838-45db-8692-35e87e8b0924.filesusr.com/ugd/e32576_c253cd99fd35413cb5c17ad7ff479337.pdf?index=true
  - https://957c14e0-526b-4b94-9d2f-a67074598e9e.filesusr.com/ugd/d43733_c549ee1f28b44c35b72e40c0bb8efc41.pdf?index=true
  - https://59dffc3f-fc5d-4a52-aebf-38e6e678a73d.filesusr.com/ugd/24deb6_e70e938cb5744f59bb6d71d88e2dbe18.pdf?index=true
  - https://cdn.shopify.com/s/files/1/0429/5576/7967/files/55065603317.pdf
  - https://cdn.shopify.com/s/files/1/0430/0744/3103/files/mosenidoluvitozedimalo.pdf
  - https://cdn.shopify.com/s/files/1/0437/6241/7825/files/lewuzaro.pdf
  - https://cdn.shopify.com/s/files/1/0435/7554/1919/files/descargar_pin_para_blackberry.pdf
  - http://www.w3.org/1999/02/22-rdf-syntax-ns#
  - http://purl.org/dc/elements/1.1/
  - http://ns.adobe.com/pdf/1.3/
  - http://ns.adobe.com/xap/1.0/
  - http://ns.adobe.com/xap/1.0/mm/
  - http://ns.adobe.com/xap/1.0/rights/
  - http://dejavu.sourceforge.net
  - http://dejavu.sourceforge.net/wiki/index.php/License
  - http://scripts.sil.org/OFL
  - https://savannah.gnu.org/projects/freefont/
  - http://www.gnu.org/licenses/
  - http://www.gnu.org/copyleft/gpl.html

  Reading this list: the ttraff.com URL is the redirector behind PDF_MALICIOUS_REDIRECTOR_LINK, and the cdn.shopify.com and filesusr.com (Wix-hosted user files) .pdf URLs are the external PDF link farm behind PDF_SEO_LINK_FARM. The remaining entries are extraction noise rather than lure links: the w3.org, purl.org and ns.adobe.com URIs are standard XMP metadata namespaces, and the dejavu.sourceforge.net, scripts.sil.org, savannah.gnu.org and gnu.org URLs are licence links carried in the embedded fonts' metadata (ascendercorp.com is likewise a font-vendor URL, most likely from the same font metadata). Only the first two groups belong in blocklists or hunting queries.
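The two structural heuristics above, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL and PDF_SEO_LINK_FARM, can be reproduced with a raw-byte scan of a PDF. The following is an added example, not the analyser's own code: it walks every `N G obj ... endobj` definition, reports objects defined twice with differing bodies together with what a first-wins and a last-wins reader would each resolve (raising severity only when a variant carries active content such as /OpenAction or /JS, as the heuristic text describes), and extracts /URI link actions to measure how many external .pdf links cluster on one host. Because the carved artifacts show this sample uses FlateDecode streams, the scanner also inflates such streams so links inside compressed objects are counted. The regexes, the thresholds (10 links, 200 kB, 50 % host share), the hostnames and the object numbers in the constructed sample are assumptions for the demo; indirect `/Length` references and object streams are deliberately out of scope.

```python
"""Triage checks modelled on PDF_DUPLICATE_OBJ_BODY_INCREMENTAL and PDF_SEO_LINK_FARM.
Added example, not the analyser's code. Assumptions: raw-byte regex scanning (no PDF
library); only direct /Length values and /FlateDecode streams are handled."""
import re
import zlib
from collections import Counter
from urllib.parse import urlparse

# "N G obj ... endobj" for every indirect object definition in the file
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
# /URI (string) inside a link annotation's /A action dictionary
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
# direct /Length followed by the stream keyword; stream data starts after the EOL
STREAM_RE = re.compile(rb"/Length\s+(\d+)\b.*?stream\r?\n", re.S)
# keys whose presence makes a duplicate object body worth a higher severity
ACTIVE_KEYS = (b"/JS", b"/JavaScript", b"/Launch", b"/OpenAction", b"/AA", b"/URI", b"/SubmitForm")


def iter_objects(pdf):
    """Yield ((num, gen), body_bytes) for each object definition, in file order."""
    for m in OBJ_RE.finditer(pdf):
        yield (int(m.group(1)), int(m.group(2))), m.group(3)


def inflate_streams(body):
    """Return the body plus the inflated content of any FlateDecode stream in it,
    so URIs hidden in compressed objects are scanned as well."""
    out = body
    if b"/FlateDecode" not in body:
        return out
    for m in STREAM_RE.finditer(body):
        data = body[m.end():m.end() + int(m.group(1))]
        try:
            out += zlib.decompress(data)
        except zlib.error:
            pass  # truncated / not zlib (e.g. indirect /Length): skip, never crash triage
    return out


def has_active_content(body):
    return any(key in body for key in ACTIVE_KEYS)


def duplicate_objects(pdf):
    """Same (N G) defined more than once with different bytes. Reports what a
    first-wins and a last-wins reader would each resolve; severity is raised
    only when one of the variants carries active content."""
    first, last, dupes = {}, {}, set()
    for key, body in iter_objects(pdf):
        if key in first and body != first[key]:
            dupes.add(key)
        first.setdefault(key, body)   # first-wins view
        last[key] = body              # last-wins view
    findings = []
    for key in sorted(dupes):
        fw, lw = has_active_content(first[key]), has_active_content(last[key])
        findings.append({"obj": key, "first_wins_active": fw, "last_wins_active": lw,
                         "severity": "high" if (fw or lw) else "info"})
    return findings


def extract_uris(pdf):
    """All /URI action targets, including those inside FlateDecode streams."""
    uris = []
    for _, body in iter_objects(pdf):
        uris.extend(m.group(1).decode("latin-1") for m in URI_RE.finditer(inflate_streams(body)))
    return uris


def link_farm_score(pdf, min_links=10, max_size=200_000, min_share=0.5):
    """Small file + many external .pdf links + most of them clustered on one host."""
    pdf_links = [u for u in extract_uris(pdf) if urlparse(u).path.lower().endswith(".pdf")]
    hosts = Counter(urlparse(u).hostname for u in pdf_links)
    top_host, top_n = hosts.most_common(1)[0] if hosts else (None, 0)
    share = top_n / len(pdf_links) if pdf_links else 0.0
    return {"external_pdf_links": len(pdf_links), "top_host": top_host,
            "top_host_share": round(share, 2),
            "flagged": len(pdf) <= max_size and len(pdf_links) >= min_links and share >= min_share}


def build_sample():
    """Constructed demo document (not the analysed sample): twelve link annotations,
    ten on one host, one more link inside a FlateDecode stream, and object 4 0
    defined twice with the second copy carrying an /OpenAction JavaScript action."""
    links = [f"https://cdn.example-shop.test/files/{i}.pdf" for i in range(10)]
    links += ["https://other.test/a.pdf", "https://another.test/b.pdf"]
    parts = [b"%PDF-1.4\n"]
    for num, url in enumerate(links, start=10):
        parts.append(f"{num} 0 obj\n<< /Type /Annot /Subtype /Link "
                     f"/A << /S /URI /URI ({url}) >> >>\nendobj\n".encode())
    hidden = zlib.compress(b"<< /S /URI /URI (https://cdn.example-shop.test/files/hidden.pdf) >>")
    parts.append(b"30 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(hidden)
                 + hidden + b"\nendstream\nendobj\n")
    parts.append(b"4 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n")
    parts.append(b"4 0 obj\n<< /Type /Catalog /Pages 2 0 R "
                 b"/OpenAction << /S /JavaScript /JS (app.alert(1)) >> >>\nendobj\n")
    parts.append(b"%%EOF\n")
    return b"".join(parts)


if __name__ == "__main__":
    doc = build_sample()
    print(duplicate_objects(doc))
    print(link_farm_score(doc))
```

Run against a real file with `link_farm_score(open(path, "rb").read())`; the host-share figure is the number to eyeball, since a legitimate paper citing twenty PDFs spreads them over many hosts, whereas a generated carrier like this sample points almost everything at one or two file-hosting domains.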
Extracted artifacts (6)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_009_off0001d97b.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1D97B | 32948 bytes | 12b8ec4b1b9ba26e2d598862dea02c555af0518dc17f86a64bcf6256b60ab179 |
| font_00_sfnt_off00012109.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12109 | 18156 bytes | f47e2c0c94b91f3ee04f569588bd68936e82a998464a53ff68c12590eb1472f4 |
| font_01_sfnt_off00015bd9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x15BD9 | 5488 bytes | 33770bd6dd4f929f8e3701dc348e679cf513fd258d395ffc9d1feb68f91ddf7e |
| font_02_sfnt_off00016e4d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x16E4D | 6836 bytes | fc9b3319ab2c2285d93584ed494702df366c024b91ade3d5ca718b183374b13d |
| font_03_sfnt_off00017f80.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x17F80 | 18024 bytes | c00480fadc4f754b49ef91506861201b6780e8f1922ef21b9678feeebfa5128b |
| font_04_sfnt_off0001adaa.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1ADAA | 13420 bytes | f724f9917b275083ef823d43b793e0ec6e0f9e28cb071fa4bf64731e5635408a |