MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a link that redirects to a known malicious domain, disguised with a seemingly benign keyword. The document body, though heavily obfuscated, contains the malicious URL and references to other PDFs hosted on static.usrfiles.com, suggesting a link farm or redirection strategy. The ML classifier strongly flagged this PDF as malicious, supporting the observed redirection behavior.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=anatomy+and+physiology+of+human+teeth+pdf
- https://static.usrfiles.com/ugd/739437_2e7f85a296e447369cba0f574e8c243a.pdf
- https://static.usrfiles.com/ugd/10b11f_60af34e03cb5429f9b8576fc59587322.pdf
- https://static.usrfiles.com/ugd/1df9ea_b3a4fdded50a4823be7a528390d74111.pdf
- https://static.usrfiles.com/ugd/5c7528_3587d31028544fc4b6734ecf7a198c1b.pdf
- https://static.usrfiles.com/ugd/76de1a_695259d6919d40ce99151121f9bc8f84.pdf
- https://static.usrfiles.com/ugd/d43733_1105f77bbbee40de9bccf9dba402a38d.pdf
- https://static.usrfiles.com/ugd/6290de_bdacc63f185d4cb098a26811c8793718.pdf
- https://static.usrfiles.com/ugd/ce0e6d_8095ef7581ff45faa9b4ae8411f51865.pdf
- https://static.usrfiles.com/ugd/cf79db_4e6f161c304e4a28af6b085485ec18cb.pdf
- https://static.usrfiles.com/ugd/22bf55_89890c5e195f47d4a9dd79ec09daa527.pdf
- https://static.usrfiles.com/ugd/55cc32_51cccd535bd2410ea44bfe5e0344fd40.pdf
- https://static.usrfiles.com/ugd/a298ce_311ce79a87524b9787b4c123c39bc540.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000610e.bin7843659ee0ea17fe7a7a824afa8c870e97c1003283d49e68d4f024bdae3106cf |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x610E | 5452 bytes |
font_01_sfnt_off00007384.bin34db85d171357361c116ea408d092647a5dafd982be7eba90f85da4830aff0e1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7384 | 10308 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.