Verdict: MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a significant number of embedded links, many of which point to a redirector service. The document body, though heavily obfuscated, contains text related to a movie title and a URL that appears to be part of a link farm designed to attract users. The primary malicious URL identified is ttraff.me, which is flagged as a malicious redirector.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.me/wix?keyword=elysium+pelicula+completa+en+espa%25C3%25B1ol+latino
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005736.bin 6c486fdc1c13ff7b1944e885559fd415b048e94e0d29feb45b6eab9a53f56d17 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5736 | 5256 bytes |
| font_01_sfnt_off000068d1.bin 3e028d59e5007892130ed27efddaac0f6ec49e7850109f33eb7d50af50bdd9df | pdf-font-stream | PDF embedded font (sfnt) at offset 0x68D1 | 11452 bytes |
| font_02_sfnt_off00008e97.bin 53a0e130f2371045e1ebbcca70a024b76227e3615a461c216ef7b7af1994dcbb | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8E97 | 16196 bytes |