MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF document was flagged by multiple critical heuristics for containing malicious redirector links and a large link farm. The primary malicious URL identified is 'https://ttraff.me/wix?keyword=hollis+upper+elementary+school', which is likely used to lure victims. The document body contains obfuscated text and references to the wkhtmltopdf tool, suggesting it was programmatically generated to host these links.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=hollis+upper+elementary+school
- https://cdn.shopify.com/s/files/1/0429/9712/1178/files/mp4_video_converter_for_android.pdf
- https://cdn.shopify.com/s/files/1/0434/1897/6414/files/aluminium_composite_panel.pdf
- https://cdn.shopify.com/s/files/1/0431/7613/2774/files/fewevitoxajeximelubabu.pdf
- https://cdn.shopify.com/s/files/1/0434/1468/3813/files/cisco_csr_1000v.pdf
- https://c2f1c814-b4e1-4763-8f3e-7d9dd8a717ef.filesusr.com/ugd/bb05c1_dfb1a16a3a444747b2407d31184b74b3.pdf?index=true
- https://00f4c266-eca9-426a-ad95-7ab01d305740.filesusr.com/ugd/1e4819_44b4f431f75c4e75b2e14b56aea30fde.pdf?index=true
- https://87ed88b8-e5c4-4ee5-a525-a4d56549c501.filesusr.com/ugd/c88839_f699646d639f4b788fe3885a22f4a4c0.pdf?index=true
- https://690fe2ae-7452-44ff-b09a-830313ea17e3.filesusr.com/ugd/90661f_bdbe8c69f03448f7aca838e7833dd42c.pdf?index=true
- https://00c23021-6cb5-45c2-bb99-728535c93efe.filesusr.com/ugd/28b3f7_79e112ecee4f4b40a8006aada566c974.pdf?index=true
- https://60c4eea2-872c-498c-8280-617bb2ab6f3e.filesusr.com/ugd/a98ecc_76c94f8b8e734db6a43d8251c02131f3.pdf?index=true
- https://96356816-63f8-4ee9-b5df-dd722fb2d556.filesusr.com/ugd/7baf93_11a1db5e55444ad3ac037ec6f57a8e1a.pdf?index=true
- https://fa60375f-7c6c-44b9-b230-7e252d766b78.filesusr.com/ugd/a9248e_eb299cc1ef974f6abaec799c766ee436.pdf?index=true
- https://a869dd48-546e-4445-8433-6ebe06806dae.filesusr.com/ugd/5b1e3c_162247f5c8bb4fb390bf7e910d597230.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://a869dd48-546e-4445-8433-6ebe06806dae.filesusr.com/ugd/5b1e3c_162247f5c8bb4fb390bf7e910d597230.pdf?ind
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006504.bin1a6760d875d7caf12487bf1c8ac783e6953becd765e1b3d3098ad343a57d5eef |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6504 | 5236 bytes |
font_01_sfnt_off000076ac.bin0d9fb56c21ee50c8e33b2ce6d2e8bc69be90e044342912fd26040168afbc37fb |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x76AC | 10104 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.