MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
This PDF document contains a link to a known malicious redirector, identified as 'ttraff.club'. The document body, though partially corrupted, suggests a lure related to 'Digimon world evolution android guide'. The presence of numerous external PDF links, many pointing to benign files, indicates a link farm strategy to obscure the malicious destination. The ML classifier strongly supports the malicious verdict.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL
- https://ttraff.club/wix?keyword=digimon+world+evolution+android+guide
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005a6b.bin (0b5e56a0d33062f22f3b406d90c063b462a8a3aa7086ee1a44387a6e4e07ee72) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5A6B | 5120 bytes |
| font_01_sfnt_off00006bd5.bin (bf7b3d4f6d3c83111c43f951e4ed1051552289fa817ab6fff72981302bd46c81) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6BD5 | 10256 bytes |