MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded links, with a critical heuristic firing indicating it is a link farm designed to redirect users to malicious infrastructure. The primary redirector URL is https://ttraff.com/wix?keyword=integrated+chinese+level+1+part+2+pdf. While many other URLs point to benign Shopify domains, the presence of the malicious redirector and the overall structure strongly suggest malicious intent to lure users to harmful sites.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.com/wix?keyword=integrated+chinese+level+1+part+2+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005050.bin 6645121ddc9b0d53435f91e61976519351e3c65457aa41b9e1c414fd544e9d15 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5050 | 5596 bytes |
| font_01_sfnt_off00006367.bin 72c59a83e5d1f2969cdf3adff50539b0401db02862482bce5a4be01d71529a74 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6367 | 9476 bytes |