MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a heuristic firing for PDF_MALICIOUS_REDIRECTOR_LINK, indicating it directs users to known malicious infrastructure. The document body, though heavily obfuscated, contains a URL that appears to be a lure related to "Hypertensive urgency coding guidelines". This URL, https://ttraff.club/wix?keyword=hypertensive+urgency+coding+guidelines, is the primary IOC. The ML classifier also strongly flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=hypertensive+urgency+coding+guidelines
- https://static.us
- https://static.usrfiles.com/ugd/ac72e0_b9adfc93ce8142fb9cdfbf1289fdadfa.pdf
- https://static.usrfiles.com/ugd/b444d4_96a2aaababf34d71b10ab065830fdef4.pdf
- https://static.usrfiles.com/ugd/3b47cb_24ea2ea55ba14a1087cf6b2d54829bab.pdf
- https://static.usrfiles.com/ugd/1df9ea_9f19ef001eaf48ba8d19295da91c93e3.pdf
- https://static.usrfiles.com/ugd/2f3ac6_7aa21568c0a74c42a401856d72ae74ef.pdf
- https://static.usrfiles.com/ugd/b8c837_e62dca9eb4164cc580e4e8856dd25dcd.pdf
- https://static.usrfiles.com/ugd/b8c837_e2f97d989bce4ff79a7d7a2b7692f33d.pdf
- https://cdn.shopify.com/s/files/1/0429/6887/5157/files/25575429916.pdf
- https://cdn.shopify.com/s/files/1/0431/6515/5487/files/22875169633.pdf
- https://cdn.shopify.com/s/files/1/0428/9773/5843/files/23898905106.pdf
- https://cdn.shopify.com/s/files/1/0438/5406/9925/files/basic_electronics_components_tutorial.pdf
- https://cdn.shopify.com/s/files/1/0438/1173/3664/files/juderikovatekarevis.pdf
- https://cdn.shopify.com/s/files/1/0434/0645/9032/files/46265814744.pdf
- https://cdn.shopify.com/s/files/1/0440/0952/1317/files/54085630219.pdf
- https://cdn.shopify.com/s/files/1/0438/3509/7245/files/1846599635.pdf
- https://cdn.shopify.com/s/files/1/0431/6659/7288/files/fupijiwaforozewejabelowo.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000067c2.bin2bd824b3903d192822a35ed21be9a64fcd4ec58f78bf7ec4e4f28733d3660daa |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x67C2 | 5036 bytes |
font_01_sfnt_off000078fc.bin082e7710f11ba79f175690bf42dc4a7c72854c7c47aa43d772ad47910efd39ef |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x78FC | 9848 bytes |
font_02_sfnt_off00009a9c.bincd94ef65598b1866d0653cdd88243d989fd81359c0e770c2d3a4858f1c2f6d34 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9A9C | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.