MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1059.001 Command and Scripting Interpreter: PowerShell
The PDF contains a large number of embedded links, many of which point to benign content on Shopify, but one critical link directs to a known malicious redirector. The document body, though heavily obfuscated, contains text related to 'ACCA F1 practice questions PDF' and the malicious URL, suggesting a phishing lure. The presence of numerous external links, including the malicious one, indicates a link farm strategy to potentially distribute malware or lead users to malicious sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9982
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.cc/pify?keyword=acca+f1+practice+questions+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005408.bin 77f5e67e1fb58cb779531f9b6f99f233285d61de104923083d9f6eaeb91a334a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5408 | 5284 bytes |
| font_01_sfnt_off0000661a.bin 536b0a7fa3735e5d3f4ebf30113ae28c34ff295438ddb0976d75eedc231acf0c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x661A | 11548 bytes |