MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was flagged by multiple critical heuristics for containing malicious redirector links and a link farm. The primary malicious URL, https://ttraff.ru/wix?keyword=jennifer+coolidge+nud, is likely used to lure victims into a phishing or malware distribution scheme. The presence of numerous links to external PDFs, many hosted on static.usrfiles.com, suggests a coordinated effort to broaden the attack surface.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=jennifer+coolidge+nud
- https://static.usrfiles.com/ugd/b8c837_46201d8eba5c486faf7cc6226747510c.pdf
- https://static.usrfiles.com/ugd/c20ea7_976204606b6749fb96a97b64e916a469.pdf
- https://static.usrfiles.com/ugd/d162e3_277b039ea9b04ba984d28bae48a56587.pdf
- https://static.usrfiles.com/ugd/cd79e3_c8751ad174d9401f8a85a728497aea97.pdf
- https://cdn.shopify.com/s/files/1/0432/5831/4912/files/midadekefabuwekiwelukufus.pdf
- https://cdn.shopify.com/s/files/1/0431/1462/7223/files/air_fuel_ratio_of_diesel_engine.pdf
- https://cdn.shopify.com/s/files/1/0433/9721/8467/files/geeksnow_icloud_bypass_free.pdf
- https://cdn.shopify.com/s/files/1/0428/3482/1287/files/725580265.pdf
- https://cdn.shopify.com/s/files/1/0433/4646/0830/files/andhra_pradesh_cabinet_ministers_list_2020_download.pdf
- https://cdn.shopify.com/s/files/1/0463/1884/6112/files/short_assured_tenancy_template_scotland.pdf
- https://static.usrfiles.com/ugd/b8c837_2e20cf22dcff4ccd9db6f99ace2f907b.pdf
- https://static.usrfiles.com/ugd/b8c837_5d850ccd029d4e1cb951f54a314fe7d0.pdf
- https://static.usrfiles.com/ugd/b9801a_b81a059c1ca74216ac4566a7b55ffdff.pdf
- https://static.usrfiles.com/ugd/61f964_da8819201a49432ea2c1ad4b26fa5c0b.pdf
- https://static.usrfiles.com/ugd/e42ee3_86e4a4e52de541898b8525c04733bf2c.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000b2af.binef064230fb3483437b15f590d2dad557e33893ff3893505db207f02a513c30bd |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB2AF | 4792 bytes |
font_01_sfnt_off0000c2f7.bin8c9e207551b093edcab3fc60bb3db158f0ba817799d7569fd28befefc0ea2cea |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC2F7 | 3896 bytes |
font_02_sfnt_off0000d1ee.bin2c00380f90b2e30e611e2f7db503837c9f1a2ad071fa5f646cb618fef960e5aa |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD1EE | 11096 bytes |
font_03_sfnt_off0000f7f7.bine5458d7b6d82539349b17fc4713a17e1381d471255c72d9f8116b7c86e08c443 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF7F7 | 16168 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.