MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious Link
T1059.001 PowerShell
The PDF contains a high number of embedded links, many of which point to benign Shopify domains, but one critical link redirects to a known malicious infrastructure at 'ttraff.cc'. This suggests an SEO poisoning or phishing attempt, where the document masquerades as a useful resource (like a camera manual) to trick users into clicking the malicious URL. The ML classifier also strongly flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=fuji+xt1+manual+lens
- https://cdn.shopify.com/s/files/1/0429/5376/9126/files/99076795661.pdf
- https://cdn.shopify.com/s/files/1/0430/9545/7941/files/authorised_representative_nomination_form.pdf
- https://cdn.shopify.com/s/files/1/0450/2755/7526/files/buruzogajakagowewomip.pdf
- https://static.usrfiles.com/ugd/b98abb_254e89c4ef5647018d0d2449917bb423.pdf
- https://static.usrfiles.com/ugd/10b11f_0a59e526bafb40e280c0211c55a79019.pdf
- https://static.usrfiles.com/ugd/66c878_425bd5b72825407aa318441a414fcd7e.pdf
- https://static.usrfiles.com/ugd/fac845_bb800490a262402295f17929f4bf6a5e.pdf
- https://static.usrfiles.com/ugd/ee6770_b769354bdddf47ee9d94f20289e6b4ac.pdf
- https://cdn.shopify.com/s/files/1/0431/8062/1984/files/36818019963.pdf
- https://cdn.shopify.com/s/files/1/0434/7058/6022/files/velivozagupixur.pdf
- https://cdn.shopify.com/s/files/1/0464/2999/5160/files/guided_reading_lesson_video.pdf
- https://cdn.shopify.com/s/files/1/0432/3311/6317/files/gununopefavo.pdf
- https://static.usrfiles.com/ugd/b8c837_1c8f0f166b774fa6be07bed4b8b3d198.pdf
- https://static.usrfiles.com/ugd/2813e2_5a00c9c04131488793aaf18cfefefda8.pdf
- https://static.usrfiles.com/ugd/b8c837_2834bcfd68bd46e392f192ff386ad85c.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007e7b.binf94cd9212a720d8b45c4aea23d46af31dcc3a1edda2730ec3c39f3fd939a144d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7E7B | 4032 bytes |
font_01_sfnt_off00008cd8.bin39dc363d62e05344d639988015462d9ba21aa2126f5120a55bb99bbd0f4d594f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8CD8 | 4884 bytes |
font_02_sfnt_off00009d6c.bin08ebb877fed83df5b1e52736e5e4839706935d66cc6d533d4d2f27d393ebee2a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9D6C | 10592 bytes |
font_03_sfnt_off0000c1c7.bin069f5cdcb972b33999f3dc18a3e5b847fc2aa024b7c5b45b4734cedf253a8e5c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC1C7 | 16376 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.