MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a heuristic firing for a malicious redirector link, which is also present in the document body. This link, 'https://ttraff.link/pify?keyword=kingdom+come+deliverance+bow+guide', is designed to lure users to malicious infrastructure. The PDF also exhibits characteristics of a link farm, with numerous embedded URLs pointing to external documents, suggesting a broader distribution or SEO poisoning attempt. The ML classifier strongly indicates maliciousness.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/pify?keyword=kingdom+come+deliverance+bow+guide
- https://static.usrfiles.com/ugd/b8c837_20c64357416d4a8f8f58299a4935b3b1.pdf
- https://static.usrfiles.com/ugd/f1780b_04382e78ac7d405e8b4d6741941375f9.pdf
- https://static.usrfiles.com/ugd/b8c837_aa28568802844c82bf3acaf25de470f5.pdf
- https://static.usrfiles.com/ugd/c4ccc4_a2e386f8f0344d63808e9888dcaaa9a0.pdf
- https://static.usrfiles.com/ugd/599026_9611f0a55f224ebea1c1219b1a16bef8.pdf
- https://static.usrfiles.com/ugd/760101_fae8ed56a8f949539d1427ed957a7859.pdf
- https://static.usrfiles.com/ugd/b8c837_e80f3863e9394ff49499568e03ae0785.pdf
- https://static.usrfiles.com/ugd/d94ae5_dc1bca3b84e843eb9906fe0f8a07bcce.pdf
- https://cdn.shopify.com/s/files/1/0432/5713/5257/files/21981072086.pdf
- https://cdn.shopify.com/s/files/1/0431/6587/6378/files/kipekaxux.pdf
- https://cdn.shopify.com/s/files/1/0432/6182/1092/files/xiragidepazurimedaj.pdf
- https://cdn.shopify.com/s/files/1/0431/3559/8758/files/93368881298.pdf
- https://cdn.shopify.com/s/files/1/0437/7912/9501/files/91150769599.pdf
- https://static.usrfiles.com/ugd/5d2cf3_c40d49756e1e4147824cbfa9f51ba466.pdf
- https://static.usrfiles.com/ugd/db93e9_6bbb91b2340d4575ae8907bab300c521.pdf
- https://static.usrfiles.com/ugd/b8c837_96ca8690fda74c27bbbcaf388d325fc6.pdf
- https://static.usrfiles.com/ugd/599026_699eb0afc58e4f6fbfb1838f5e116b95.pdf
- https://static.usrfiles.com/ugd/83f04e_1215274768e34747a4a2df647c7288ef.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0001128b.binb00cef641048aba4cb280bb41d12cb9a4f12a330daa550ef33297542db545453 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1128B | 5344 bytes |
font_01_sfnt_off000124bb.bin77ab92e7bd846cd6319aa00013a1dc7bb1b7dc26a093f676116447577b845783 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x124BB | 10620 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.