MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF was flagged as malicious by ML classifiers and heuristics indicating it contains a link to a known malicious redirector. Additionally, it features a large number of external links, many pointing to Shopify domains, suggesting an attempt to manipulate search engine results or distribute content through a seemingly benign platform. The document body contains garbled text and a URL that appears to be the primary malicious redirector.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=latex+times+new+roman+font+pdflatex
- http://files.50plusstickingtogether.com/uploads/1/3/1/4/131452938/498ca.pdf
- http://files.victoriabaker.net/uploads/1/3/1/4/131406800/kadojib.pdf
- http://tilikob.destinationsananselmo.com/uploads/1/3/1/4/131407995/210105.pdf
- https://cdn.shopify.com/s/files/1/0433/6464/7077/files/sales_and_marketing_cv.pdf
- https://cdn.shopify.com/s/files/1/0428/0470/7491/files/30522553228.pdf
- https://cdn.shopify.com/s/files/1/0428/1712/6567/files/fixogotugove.pdf
- https://cdn.shopify.com/s/files/1/0432/3550/8381/files/42116482327.pdf
- https://cdn.shopify.com/s/files/1/0430/2045/1997/files/cessna_421c_service_manual.pdf
- https://cdn.shopify.com/s/files/1/0434/2376/0536/files/wokejikunumenimes.pdf
- https://cdn.shopify.com/s/files/1/0427/7311/9143/files/95657520840.pdf
- https://cdn.shopify.com/s/files/1/0427/4287/4278/files/gededuruniseserivuxutato.pdf
- https://cdn.shopify.com/s/files/1/0429/7129/9999/files/bogitumege.pdf
- https://cdn.shopify.com/s/files/1/0434/3080/5669/files/65408878800.pdf
- https://cdn.shopify.com/s/files/1/0431/6587/6379/files/49037379797.pdf
- https://cdn.shopify.com/s/files/1/0430/8510/3258/files/wafusumodinipipep.pdf
- https://cdn.shopify.com/s/files/1/0433/5842/1142/files/cognitive_biases_codex.pdf
- https://cdn.shopify.com/s/files/1/0447/9392/1685/files/one_touch_ultra_manual.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://cdn.shopify.com/s/files
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000686b.bin38adf11ecc9cc109a61e9a10863c61c73e786f71f3e3715da02a54f97a14c4b3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x686B | 5076 bytes |
font_01_sfnt_off000079ad.bin10e6083ad8bdbaee23ab9e4c73b8448e09e919e8ae98830f20e0382ea269a5ae |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x79AD | 10176 bytes |
font_02_sfnt_off00009c86.bincd94ef65598b1866d0653cdd88243d989fd81359c0e770c2d3a4858f1c2f6d34 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9C86 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.