MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a heuristic firing for a malicious redirector link, specifically pointing to a lure for a "growtopia hack free account". The document body also contains this URL and numerous other links, many hosted on Shopify, suggesting a link farm or redirection strategy. The ML classifier also strongly flagged this PDF as malicious. The primary attack vector appears to be social engineering via a deceptive link.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=growtopia+hack+free+account
- https://cdn.shopify.com/s/files/1/0428/8570/9987/files/54411598354.pdf
- https://cdn.shopify.com/s/files/1/0430/0383/8615/files/chemical_process_control_stephanopoulos_solutions.pdf
- https://cdn.shopify.com/s/files/1/0430/9182/0711/files/62507333199.pdf
- https://cdn.shopify.com/s/files/1/0437/7015/1061/files/nasujoravefibodomu.pdf
- https://cdn.shopify.com/s/files/1/0433/9302/4158/files/pawesakafaxipebasewoneza.pdf
- https://c322a4f3-4a5c-43d6-b6a9-aec1b6a5b430.filesusr.com/ugd/0c60a0_278b29ef45344127aed1f53570b9c09a.pdf?index=true
- https://47a3c176-eb10-4ee7-8020-e2e811083bf7.filesusr.com/ugd/3bcfef_ef2bcfa7cdd24b0d8c49d48eb3dfb154.pdf?index=true
- https://bbab41ba-e629-4e42-b3ae-55d087131401.filesusr.com/ugd/f0e51d_7dd582c9ea9f4f30987449b034ab77fa.pdf?index=true
- https://cdn.shopify.com/s/files/1/0430/4447/0933/files/vivifeturufiw.pdf
- https://cdn.shopify.com/s/files/1/0430/9847/2605/files/finger_entrapment_guidelines_us.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005c19.bin4a384dac90b1b7752acd43440bb68195314a60f7502d99bf4955499c115fc521 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5C19 | 4960 bytes |
font_01_sfnt_off00006cff.bineb5d02363a396e0fa21c70c01545f026861f8324d2cc4e0aea8d71f4f714040f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6CFF | 1912 bytes |
font_02_sfnt_off00007640.bin11223a755512056e3d5546bb6995ea8185cbd94c9f544713fe7153d1cf224499 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7640 | 10536 bytes |
font_03_sfnt_off00009a73.bin1be7eb5a73e5c42b43b1e430d914ba1fec6893714c42a2482f1d58568ad107cf |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9A73 | 16120 bytes |
font_04_sfnt_off0000af5f.bin05d2457133b820fa77aa358e30e9acfbad3f04c46ced9a37296d9311117db176 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xAF5F | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.