MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a mass external link farm, with one URL pointing to a known malicious redirector. The document body, though heavily obfuscated, contains the string 'https://ttraff.me/wix?keyword=razor+e150+charger', indicating a lure to a potentially malicious site. The presence of numerous PDF links suggests an attempt to distribute further malicious content or engage in SEO abuse for traffic generation.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=razor+e150+charger
- https://cdn.shopify.com/s/files/1/0436/9108/1882/files/7811660174.pdf
- https://cdn.shopify.com/s/files/1/0432/0778/6657/files/bacterias_gram_negativas_e_positivas.pdf
- https://cdn.shopify.com/s/files/1/0431/4362/6912/files/vodemurubu.pdf
- https://cdn.shopify.com/s/files/1/0435/4303/6053/files/83744012240.pdf
- https://df375eb3-26dc-4aae-b6fe-066011155129.filesusr.com/ugd/b85eb0_67d682d9da0f46cda075de250e91b55e.pdf?index=true
- https://8c02eef2-bcd7-463e-83eb-351eccf7952f.filesusr.com/ugd/a86d68_b8180ba0c51141fc9af96b825619cb84.pdf?index=true
- https://f6502743-8e63-44fa-9eb3-4ee8c30ff1cd.filesusr.com/ugd/accd1f_9239a40a6aa74f69b410cbf71f7d536f.pdf?index=true
- https://ad419737-930f-4424-9a6d-a40f420c0e43.filesusr.com/ugd/66c878_ab8b046e59b247b98f714264de05f181.pdf?index=true
- https://65b9fd36-00cd-4190-9c25-5609e7720b7b.filesusr.com/ugd/b18e4d_48d98ddb6c5f4bfc93a7c07f272abc34.pdf?index=true
- https://ccdd20ba-f8c9-443a-8f47-b7a060617944.filesusr.com/ugd/964009_4456a609ce7f433e9eb489139314e4f8.pdf?index=true
- https://b00d386b-5a65-4361-af74-9a00abc2e750.filesusr.com/ugd/49be48_af64b80eeca94490a8be81e38dae33aa.pdf?index=true
- https://e649079c-b08a-4ced-86cb-cd6b149871a1.filesusr.com/ugd/b6aaa0_de56ac070b604340889b57f69b20e1db.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006334.bin77ff52e34f17a5cd64bf75fb6cbb3c315099365657f7c8d48c953b9e54b757f1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6334 | 5224 bytes |
font_01_sfnt_off0000750e.bind476a10e11e5d97e91b6e805d7b7955f8f99b5648d963a4f4ecabfe1bfe95fcb |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x750E | 10756 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.