MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF document was flagged as malicious by a machine learning classifier and contains a significant number of embedded links. One of these links, https://ttraff.com/wix?keyword=horizon+zero+dawn+complete+edition+strategy+guide, points to known malicious redirector infrastructure. The document body, though heavily obfuscated, also contains this URL and numerous other links to PDF files hosted on static.usrfiles.com and cdn.shopify.com, suggesting a link farm or SEO poisoning tactic to distribute malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=horizon+zero+dawn+complete+edition+strategy+guide
- https://static.usrfiles.com/ugd/b8c837_19e102540730479fa24403e4e216ae7d.pdf
- https://static.usrfiles.com/ugd/b8c837_cf6ce08e6b9b417290052f397acb753e.pdf
- https://static.usrfiles.com/ugd/04e6f9_098cfec8f4aa43a8a64e57b7549b74ea.pdf
- https://static.usrfiles.com/ugd/b8c837_304c82db875343c7814cc21b1dfc30bc.pdf
- https://cdn.shopify.com/s/files/1/0433/1097/3083/files/19785230703.pdf
- https://cdn.shopify.com/s/files/1/0432/4697/7179/files/5338847434.pdf
- https://cdn.shopify.com/s/files/1/0433/4603/4853/files/warajopalerajari.pdf
- https://static.usrfiles.com/ugd/b8c837_65257470cdfa4353843b286775c9c074.pdf
- https://static.usrfiles.com/ugd/7c30af_51539f07d883422ab2d27a61f4c4e11a.pdf
- https://static.usrfiles.com/ugd/b8c837_232b2ce46f504b449e36880dc647fa5a.pdf
- https://static.usrfiles.com/ugd/9c43ec_8b6294095d8a4016a6dd08336e2e7690.pdf
- https://static.usrfiles.com/ugd/4c1554_0bc70fe362104593aaf775ddab4453e8.pdf
- https://static.usrfiles.com/ugd/4479ed_203a77ed9a9944b7ac8845382c7a8ea0.pdf
- https://static.usrfiles.com/ugd/b8c837_59113c651986438ead92e5863b34f416.pdf
- https://static.usrfiles.com/ugd/b8c837_4c38232bcb744ef8919d9fbf7e0ddbee.pdf
- https://static.usrfiles.com/ugd/48f461_d800305176824444a2f37b2260aa4afd.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00008931.bin0c3e2a4f6726caffe8467ee975aea075413c212d248e29316ffec0c6ea2163ea |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8931 | 5600 bytes |
font_01_sfnt_off00009c41.binc5ef793eddfbc69f9b6dc18f98dc281aed7cf949616adf44a61e05f1a82445d8 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9C41 | 10560 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.