Verdict: MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1059.001 PowerShell
This PDF file contains multiple embedded links, a common tactic for phishing and redirecting users to malicious sites. One prominent URL, "https://ttraff.club/pify?keyword=battle+cats+hacks+ios", suggests a lure related to in-game currency or cheats. The PDF structure and the presence of numerous external links, as indicated by the PDF_SEO_LINK_FARM heuristic, further support a malicious intent to drive traffic to potentially harmful content. The ML classifier also strongly flagged this file as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (3)
- PDF_MALICIOUS_REDIRECTOR_LINK (critical): PDF links to known malicious redirector infrastructure. The PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- PDF_SEO_LINK_FARM (critical): Small PDF contains a mass external PDF link farm. The small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- EMBEDDED_URL (info): Embedded URL. One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URLs:
- https://ttraff.club/pify?keyword=battle+cats+hacks+ios
- http://files.warriormassage.com/uploads/1/3/1/3/131383467/1626625.pdf
- http://files.traceynjohnson.com/uploads/1/3/0/7/130738870/02da2.pdf
- http://files.datumfoundation.org.uk/uploads/1/3/0/7/130775199/31d4b3ee23.pdf
- http://bamegir.mildlyoffensivetv.com/uploads/1/3/0/7/130775181/gutawowubejiresamiku.pdf
- http://kadenuz.beckpayne.com/uploads/1/3/1/6/131637814/da5fa0.pdf
- https://4ae7187e-23f0-459d-9840-4e456c40e07e.filesusr.com/ugd/98d33d_8eb1db516fb54ba48800b40e61a5ee83.pdf?index=true
- https://c89457b0-1e40-4f05-b043-f17c1454356c.filesusr.com/ugd/72216b_326cabba617f40d1acc8daf071947dd1.pdf?index=true
- https://ba22cbf4-fe8d-4529-af6e-9c3f8aa08a20.filesusr.com/ugd/9058e5_0c50d3382d094efc9b183073ed4e050f.pdf?index=true
- https://1f2d5c67-41e9-4e6d-bb7c-78550f0d2391.filesusr.com/ugd/2eedf1_fa8871ce7c344e8486b0dab8bfe8ff87.pdf?index=true
- https://b2922c17-3443-41ed-ae95-3b2edc0f49a0.filesusr.com/ugd/ac1638_0442a1977d4447f88e990507133004ed.pdf?index=true
- https://4583d02d-e1c0-40a3-8de2-35c6fcb7737a.filesusr.com/ugd/7836c9_285f2a5a2e15421cb2b4653a5f510c2a.pdf?index=true
- https://f79ff84b-87c3-47dc-a806-f2954a7f0f7e.filesusr.com/ugd/9d869b_2b28f278224b44efb6701cd93d1d9c32.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://4ae7187e-23f0-459d-9840-4e456c40e07e.filesusr.com/ugd/98d33d_8eb1db516fb54ba4
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00006b55.bin | fe2f18fd59ff036b8039bcbb4e77f33545d1e2c20f14d391dfe6da2903b20431 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6B55 | 4584 bytes |
| font_01_sfnt_off00007aea.bin | 478d38ca79dd035e39a1f2988fa6281b848f038be475df69b389762274cef91c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7AEA | 9856 bytes |
| font_02_sfnt_off00009c75.bin | b50a2106bf82917db0cd3cf88f63c5e8cc3298b343ace5cffc591b35df33d24c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9C75 | 4324 bytes |