Malware Insights
The PDF file was flagged as malicious due to a critical heuristic identifying a redirector link pointing to known malicious infrastructure. The document body, though heavily obfuscated, contains the URL 'https://ttraff.ru/wix?keyword=aqa+gcse+physics+hodder+textbook+answers', which is likely intended to deceive users into believing they are accessing legitimate educational material. The presence of numerous other links, many pointing to 'static.usrfiles.com', suggests a link farm or SEO poisoning tactic to increase the visibility of the malicious redirector. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.ru/wix?keyword=aqa+gcse+physics+hodder+textbook+answers
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000047f7.bin 35a4d85f0ce44aab7b6b7a2ddb91d2a5a8598f6ccb7aa5ce38b79af357c9433a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x47F7 | 5672 bytes |
| font_01_sfnt_off00005b48.bin d1a2ffcdc7ae7c1d97ea10c82f88aa0313f1049a8769475e579e5d0ce09a1d33 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5B48 | 9752 bytes |
| font_02_sfnt_off00007c87.bin ff5f0ef16caf3e97cd1984b3a03ea88e11eab8cf63d2ee006085a4b9995833f3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7C87 | 4324 bytes |