MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a malicious redirector link disguised as 'human resource management objective questions and answers'. The PDF_MALICIOUS_REDIRECTOR_LINK heuristic confirms this link points to known malicious infrastructure. Additionally, the PDF_SEO_LINK_FARM heuristic indicates the document is part of a link farm, suggesting a broader campaign to distribute malicious content. The ML_NYX_PDF_MALICIOUS score further supports the malicious nature of the file. The primary IOC is the malicious redirector URL.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.link/pify?keyword=human+resource+management+objective+questions+and+answers
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00008ebc.bin (e45f36feef4b31b2482a99ba3c67433ed3b1e68138bffb0d5260eec1f408479c) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8EBC | 5684 bytes |
| font_01_sfnt_off0000a1f5.bin (17171254f76e4ede11567431e675c32f8631487c3fcf11c90162d81d44224bc5) | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA1F5 | 11024 bytes |