MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file was flagged by multiple critical heuristics for containing a malicious redirector link and a large number of external PDF links, suggesting a link farm or redirection scheme. The primary malicious URL identified is 'https://ttraff.cc/pify?keyword=does+accrued+expenses+go+balance+sheet'. The ML classifier also strongly indicated maliciousness. No scripts were extracted, and the document body was heavily obfuscated, preventing a deeper analysis of the content's intent.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.cc/pify?keyword=does+accrued+expenses+go+balance+sheet
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000716c.bin (9428f6f185822e56513d7a5a2859c9b2b80ae97d2cf5a08c0090c6dc16a3a283) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x716C | 5376 bytes |
| font_01_sfnt_off000083ad.bin (b2c2616bb4d8ade3b3f2b1948390207fd82b163a039b998e0ce558741aa1b2f8) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x83AD | 10468 bytes |