MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded links, many pointing to Shopify domains, but one critical link directs to a known malicious redirector. The document body text, though heavily obfuscated, contains the phrase 'Raachisi song download' and the malicious URL, suggesting a lure to trick users into clicking the link. The ML classifier also strongly indicated maliciousness.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=raachisi+song+download
- https://cdn.shopify.com/s/files/1/0431/8471/7979/files/fubizisawajijupa.pdf
- https://cdn.shopify.com/s/files/1/0435/6302/4547/files/bilingual_books_spanish_english_for_adults.pdf
- https://cdn.shopify.com/s/files/1/0434/4388/0093/files/prime_rib_roast_buying_guide.pdf
- https://static.usrfiles.com/ugd/0e2875_9b8e21a5df5040ccad61e0168010ce01.pdf
- https://static.usrfiles.com/ugd/9d869b_0f4d8cca545b41fbacd6421fe1a74140.pdf
- https://cdn.shopify.com/s/files/1/0434/6960/2978/files/upsc_zoology_syllabus.pdf
- https://cdn.shopify.com/s/files/1/0433/1218/5494/files/vizenoxewexijoduduju.pdf
- https://cdn.shopify.com/s/files/1/0431/7046/3895/files/30666973777.pdf
- https://cdn.shopify.com/s/files/1/0427/8360/4903/files/redaremu.pdf
- https://cdn.shopify.com/s/files/1/0431/5545/6164/files/honeywell_thermostat_manual_older_models.pdf
- https://cdn.shopify.com/s/files/1/0434/5492/2902/files/50834952633.pdf
- https://cdn.shopify.com/s/files/1/0433/8240/7335/files/dremel_8220_manual.pdf
- https://cdn.shopify.com/s/files/1/0437/2856/8471/files/mbm_93m_manual_folder_troubleshooting.pdf
- https://cdn.shopify.com/s/files/1/0436/2744/6435/files/xebamuwixa.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006fa6.bin7ac43e4805689f12e51c062c3f36ff378feb5298918bfba5eb0e2e08fc208543 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6FA6 | 4796 bytes |
font_01_sfnt_off00007fe5.bin2a57aa24c1722c9a6edd88ed3c4747c6533328aa9ed84c892d6b1474540a1ce8 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7FE5 | 9244 bytes |
font_02_sfnt_off00009930.bin23ed368a48a4c666d091938199e205ec7da7310ebf59a96ff3283f55000d062e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9930 | 5724 bytes |
font_03_sfnt_off0000acc4.bin899c90a57ca6584219cf36b720b1f6de0fcbc621387b36e251b9ee6e3ca843b9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xACC4 | 11512 bytes |
font_04_sfnt_off0000d304.bin1062cd8ddf90f4344fa193b395386d5669df1a952e5759311ca261a71931f361 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD304 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.