MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF was flagged by multiple critical heuristics for containing malicious redirector links and a link farm. The ML classifier also strongly indicated maliciousness. The document body contains a URL that points to a known malicious redirector, suggesting an attempt to lure users to malicious content. No scripts were extracted, limiting the analysis of direct execution capabilities.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=neat+polar+graphs
- https://cdn.shopify.com/s/files/1/0434/4253/6598/files/6639910689.pdf
- https://cdn.shopify.com/s/files/1/0437/4600/1045/files/adobe_acrobat_reader_dc_download_free_viewer_for_mac.pdf
- https://cdn.shopify.com/s/files/1/0437/4836/0343/files/kaspersky_anti-_virus_free_trial.pdf
- https://cdn.shopify.com/s/files/1/0462/6415/6314/files/80514733646.pdf
- https://static.usrfiles.com/ugd/b58d21_3b918f7e52014fcda113c13e66a99db9.pdf
- https://static.usrfiles.com/ugd/b8c837_132628c7ef364e36a9117a681bf6acdf.pdf
- https://static.usrfiles.com/ugd/b8c837_5f5df364077b4c2c9bb7c1e71aeafdba.pdf
- https://static.usrfiles.com/ugd/b8c837_a33d3cda790a4d43ba951291a5ab1ebf.pdf
- https://static.usrfiles.com/ugd/b8c837_8341131268b34d49abf5fd162fc899af.pdf
- https://static.usrfiles.com/ugd/b8c837_f5e295ca32214ca29ebc9d4ba87ce6b8.pdf
- https://static.usrfiles.com/ugd/b8c837_3f434805ddda4e75bd6a79c4399aa167.pdf
- https://static.usrfiles.com/ugd/b8c837_a658ed13d6fa4681b9c578129c22c6a6.pdf
- https://static.usrfiles.com/ugd/b8c837_e022dddd4185465698943bf8c13a8487.pdf
- https://static.usrfiles.com/ugd/b8c837_1a36094868c549edb7d52b3539906ddd.pdf
- https://static.usrfiles.com/ugd/63d3ad_0399c3fd262f43939bde44cbefe89ab4.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005df0.bin06843890f5f7aa5c94299b9ba41e485cbf1bd4b603f2f5a709bfd62f01d6b012 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5DF0 | 5048 bytes |
font_01_sfnt_off00006f15.bin4bf598d295f45e880dfb780934825a5c6aa6bbb9732f9206d15d9610a91fb0ac |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6F15 | 10712 bytes |
font_02_sfnt_off000093ed.bin354dce64f07f3d7acdf6a04edf763950ffbfec4edcbb4bfe17b65a83544077bb |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x93ED | 16036 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.