MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, many of which point to a redirector service. The document body, though heavily obfuscated, contains text that appears to be a lure for a database template. The primary malicious indicator is the link to 'ttraff.cc', which is flagged as a malicious redirector. This suggests the document is designed to trick users into visiting a malicious site.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=modelo+de+base+de+datos+relacional
- https://cdn.shopify.com/s/files/1/0434/6966/8517/files/excel_mortgage_calculator_template_with_extra_payments.pdf
- https://cdn.shopify.com/s/files/1/0435/4323/2661/files/44539025865.pdf
- https://cdn.shopify.com/s/files/1/0432/0608/2717/files/general_business_awareness.pdf
- https://static.usrfiles.com/ugd/191a6d_acea5159888d4fc797b2a0a106ec44c1.pdf
- https://static.usrfiles.com/ugd/361045_f1076fcd52d6440a91e7a0ea432f1048.pdf
- https://static.usrfiles.com/ugd/4cf28d_8126674e91bb4e4d9c70c304fec3a621.pdf
- https://static.usrfiles.com/ugd/b11f6d_2683b580bb264e1fb0ce9a65b4181f28.pdf
- https://static.usrfiles.com/ugd/724bd4_02b6c1a81124495cbc5a382ce50a6d27.pdf
- https://static.usrfiles.com/ugd/e78b77_7b36b54d13644ab5aac1c9fafd4c488e.pdf
- https://static.usrfiles.com/ugd/cf79db_8ea1ed0b45154f379fa0765c40d01d15.pdf
- https://static.usrfiles.com/ugd/ea78e0_48394a9740744aaa8acde130e31bc7e7.pdf
- https://static.usrfiles.com/ugd/1cc7e8_0454d0927f5f47ac8f1e966c42ab98d5.pdf
- https://static.usrfiles.com/ugd/19ce5d_9b89b298611c47a9ac6f8b2240542450.pdf
- https://static.usrfiles.com/ugd/b8c837_9f6098a780084613aac26b7d57425968.pdf
- https://static.usrfiles.com/ugd/29c71c_621067efca134cce9664bb8ba4f19b59.pdf
- https://static.usrfiles.com/ugd/0fdb6d_c8f45bd880c54cbd9e17a3f943d2d81f.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_005_off00009b6f.bina8f89f19680fac8bae8bcb201d30a2a3ab882e018280b417f02aa0856743a25c |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x9B6F | 18884 bytes |
font_00_sfnt_off00006761.bin02e846d113c632cc5706d9535640de8c58eda912bfefc0dbea5f534e8ac51541 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6761 | 4864 bytes |
font_01_sfnt_off000077eb.bin45a3cebb82b355f34af6e997e3fdba68424ea9c9ef4eb154edf852546e7d6aa2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x77EB | 10800 bytes |
font_03_sfnt_off0000b9d9.bin7f6049e5011acf0e8581793f2bc2bb947aac2929fdb77abc318b2a6155c1ef71 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB9D9 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.