MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious File: Malicious Link
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.cc/pify?keyword=comparing+fractions+worksheet+pdf+with+answers'. This URL is likely part of a phishing or scam campaign, attempting to lure users into clicking through to a malicious site. The document body also contains numerous embedded URLs, many hosted on Shopify, which is characteristic of SEO link farm techniques used to distribute malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.cc/pify?keyword=comparing+fractions+worksheet+pdf+with+answers
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000062b3.bin (hash: 82b2b64b0c0c3ed459a9227637b85ef22a67f88840f0f2cb0a32b04c1b01a4f1) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x62B3 | 5596 bytes |
| font_01_sfnt_off000075a0.bin (hash: db49c9d1231e770c0bb272a19afc28b286e9f7b6d4398e12d12913eea5f5d0fd) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x75A0 | 10512 bytes |