MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'https://ttraff.ru/wix?keyword=caterpillar+c12+service+manual'. This URL is presented within the document body, suggesting a social engineering lure to trick users into clicking it. The PDF also exhibits characteristics of a link farm, with numerous links to external PDFs, further indicating malicious intent. The ML classifier strongly supports the malicious verdict.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.ru/wix?keyword=caterpillar+c12+service+manual
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00007633.bin b42eb75d18a2ce2ea6601da536211f86f7bc4b8398d2fa22a59ee6b16f6b32e3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7633 | 5228 bytes |
| font_01_sfnt_off000087e8.bin 665e8c33b0db74e5858e2962357687f9fdc8612be68e5fc735df727dc60d5718 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x87E8 | 10504 bytes |