MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a critical heuristic firing for a malicious redirector link, specifically `https://ttraff.club/wix?keyword=las+aventuras+de+juan+planchard+2+pdf`. This indicates the document is designed to lure users to a potentially harmful site. The presence of numerous other PDF links, many pointing to file hosting services, suggests a link farm or SEO poisoning tactic to increase visibility of the malicious redirector. The ML classifier also strongly flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=las+aventuras+de+juan+planchard+2+pdf
- http://files.spaceatcentennial.org/uploads/1/3/1/6/131606429/5874008.pdf
- http://files.eazyclad.com/uploads/1/3/2/6/132695278/49e3c358.pdf
- https://bf30374e-1a83-43e7-a7fd-a10210d38420.filesusr.com/ugd/12dc78_087a433dfb7140f88eda955d808f8ae6.pdf?index=true
- https://af1987b6-5ba8-476a-9444-82c146f18340.filesusr.com/ugd/a640e9_c33f6ac5c8684fb58e67aa907eec1c9a.pdf?index=true
- https://bf0c4b24-a38e-4979-97fa-f488943c404b.filesusr.com/ugd/8e6e76_def3fabad559432cb98051481e4df016.pdf?index=true
- https://54ff0802-2704-42c7-9ffa-0b8c71be9296.filesusr.com/ugd/d99ef3_4f7db881b5e149b4a8da1f0329b00384.pdf?index=true
- https://cdn.shopify.com/s/files/1/0430/5335/1066/files/15202076475.pdf
- https://cdn.shopify.com/s/files/1/0434/2287/5797/files/73816254174.pdf
- https://cdn.shopify.com/s/files/1/0431/2681/6932/files/hornady_reloading_manual_9th_edition.pdf
- https://cdn.shopify.com/s/files/1/0462/5986/3706/files/37257383828.pdf
- https://c75b5ba0-1e20-4c35-b399-65412939be5d.filesusr.com/ugd/9edd50_9792d7e117704bb19afaeb9e05bee931.pdf?index=true
- https://4f005916-a0d0-4bbf-ac5b-008e64cabfda.filesusr.com/ugd/d17951_1ee147d07cc748bf8df6015d11142bc6.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000061fd.bine005223288a6133357f4acb7b8cae72549ff29ab023caa743d946839d7d7231e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x61FD | 5452 bytes |
font_01_sfnt_off00007493.bin1cc04c8fdeacac245b1b05f046a460cac298c80897223a58a1fc0df305b773ea |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7493 | 11292 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.