MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a large number of embedded links, many of which point to external PDF files, suggesting a link farm or redirection strategy. The primary URL identified, 'https://ttraff.me/wix?keyword=alaska+battle+of+the+books+practice+questions', is flagged as a malicious redirector. While no scripts were explicitly extracted, the PDF structure and embedded links are indicative of a social engineering attempt to direct users to malicious infrastructure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9989
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.me/wix?keyword=alaska+battle+of+the+books+practice+questions (in PDF document text)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006486.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6486 | 5420 bytes |

SHA-256: 2a7a9aecf51c24e10cb08cc41dd00fab8d9cf72de7304b91728a071b399f02fe