MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a link to a known malicious redirector, disguised as a worksheet answer key. The PDF_MALICIOUS_REDIRECTOR_LINK heuristic firing confirms this. The PDF_SEO_LINK_FARM heuristic indicates the document is part of a larger link farm, likely for SEO poisoning or distributing malicious content. The ML_NYX_PDF_MALICIOUS classifier also strongly suggests malicious intent. The embedded URL is the primary indicator of compromise.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/wix?keyword=codominance+and+incomplete+dominance+worksheet+answers
- https://cdn.shopify.com/s/files/1/0432/0457/5387/files/54326625193.pdf
- https://cdn.shopify.com/s/files/1/0431/3051/9709/files/49517948212.pdf
- https://cdn.shopify.com/s/files/1/0454/8503/1576/files/gejuzubarag.pdf
- https://cdn.shopify.com/s/files/1/0433/7988/4186/files/camera_apk_pixel_3.pdf
- https://cdn.shopify.com/s/files/1/0435/4729/5898/files/27420531628.pdf
- https://cdn.shopify.com/s/files/1/0431/0247/0305/files/koranizude.pdf
- https://99312745-ff5d-4760-a7d7-1c2936f55d96.filesusr.com/ugd/8aba0c_a60321617e0244ada601f8395ffdfd51.pdf?index=true
- https://c2c0cb46-fdc0-4535-896f-67f623b32b5f.filesusr.com/ugd/610d21_40f8d543540f43d78f3e86e570a17b58.pdf?index=true
- https://291d7190-adbb-47b2-b1c0-5bad3fd5e913.filesusr.com/ugd/9ff9b8_6b3f286d7f854726be954c739427a160.pdf?index=true
- https://962525ae-b7b5-49a2-ac16-934ede5b7d48.filesusr.com/ugd/1acd69_5880a4905a1a47f188dfb47a103b7118.pdf?index=true
- https://03b1b766-8078-4c0a-9709-316e2c2e0406.filesusr.com/ugd/ed2d23_0d26c985b089479f9ac19ca905cada14.pdf?index=true
- https://1bd4373b-df88-4ea0-8bc4-865d82d4eca5.filesusr.com/ugd/01f9b9_16b2fcac308348799245d50404e4018d.pdf?index=true
- https://0855d770-5e9c-4916-a36b-c3997d8c02a8.filesusr.com/ugd/39cb9d_018e1b19f5b6425daf51040ca3dc1f5e.pdf?index=true
- https://9d83906a-b824-4ec9-8c2c-3783e8a4e7bf.filesusr.com/ugd/3d514e_9a388451d4034142bfd8ffe2c37eaf1a.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000060db.bin0625cdc4a3099545270de721dee56ada07dff15759509134644ce2787fab1ea5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x60DB | 5376 bytes |
font_01_sfnt_off000072fe.binb1d4d1100d341e567d6691a5a743bebc8313679f635d6e77690c5cd47a06ae56 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x72FE | 10028 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.