MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.com/wix?keyword=caution+you+have+been+penalized'. This indicates a phishing or scam attempt where the user is lured to a malicious site. The document body, though heavily obfuscated, contains the same URL, reinforcing the malicious intent. The presence of a large number of external PDF links also suggests a link farm, a common tactic in SEO poisoning and phishing campaigns.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=caution+you+have+been+penalized
- https://static.usrfiles.com/ugd/8b97dd_8895b628467a40c985c1d2d43a21b8e0.pdf
- https://static.usrfiles.com/ugd/b8c837_1da03f9d3e2b4837b959e841f6fcccd5.pdf
- https://static.usrfiles.com/ugd/b8c837_1868644f22254e8fa3d860ac5f3c841c.pdf
- https://static.usrfiles.com/ugd/23e9be_64bcf470ea53420784901ded1846e5f7.pdf
- https://static.usrfiles.com/ugd/15d534_8e1dc46e086040d0b1cf59b276b3f74e.pdf
- https://cdn.shopify.com/s/files/1/0432/2911/8627/files/fashion_nova_jeans_size_guide_australia.pdf
- https://cdn.shopify.com/s/files/1/0433/9512/1319/files/becoming_a_prayer_warrior_by_elizabeth_alves.pdf
- https://cdn.shopify.com/s/files/1/0432/2312/2084/files/fakavaxuzanepodine.pdf
- https://cdn.shopify.com/s/files/1/0431/7741/0720/files/zagokuxu.pdf
- https://static.usrfiles.com/ugd/b8c837_fb0b068f3bd44d729797f132ed3b1342.pdf
- https://static.usrfiles.com/ugd/b8c837_2194ea78d2544d08ad7d57aa5fd3d928.pdf
- https://static.usrfiles.com/ugd/affb4a_45bdb6f3a2c943d4bfde22815529dd07.pdf
- https://static.usrfiles.com/ugd/067ecb_96e61574894b42d5acd8f36b4d035d7d.pdf
- https://cdn.shopify.com/s/files/1/0433/9816/8743/files/40123953875.pdf
- https://cdn.shopify.com/s/files/1/0430/1763/3949/files/xidimatosejo.pdf
- https://cdn.shopify.com/s/files/1/0431/4939/4080/files/mugetufuzepixisomedu.pdf
- https://cdn.shopify.com/s/files/1/0433/9888/9635/files/vokidixazuxuderasalus.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000066f2.bin261d8eadadfb313d28e5d1b2c45a471f0c1e1824ba5ce6a2bffc66fcc52a5405 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x66F2 | 5032 bytes |
font_01_sfnt_off0000781a.bin547ad7a0426ceedec2d029134768bf64322d418e581f73c6d90197a48db8297a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x781A | 10756 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.