MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was flagged as malicious by a machine learning classifier and contains a link to a known malicious redirector. It also exhibits characteristics of a PDF link farm, with numerous external links, many hosted on Shopify. The primary malicious URL identified is https://ttraff.ru/pify?keyword=dacor+wall+oven, which likely serves as a gateway to further malicious content. The document body itself is heavily obfuscated and contains the malicious URL, suggesting a lure related to 'Dacor wall oven'.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=dacor+wall+oven
- http://files.goodchoicedogtraining.net/uploads/1/3/1/3/131379830/7487867.pdf
- http://jaxokoge.evosilverstudio.com/uploads/1/3/0/9/130969060/vujexubazik.pdf
- http://files.csplash.org/uploads/1/3/1/3/131381374/3499815.pdf
- http://files.paper-scraps.com/uploads/1/3/0/8/130814715/viwivepotugun-nebamipakaki-duxiwu.pdf
- https://cdn.shopify.com/s/files/1/0430/3749/1354/files/13088833306.pdf
- https://cdn.shopify.com/s/files/1/0432/6844/0232/files/contoh_soal_akuntansi_perusahaan_dagang_beserta_jawaban.pdf
- https://cdn.shopify.com/s/files/1/0460/1954/3199/files/71855592467.pdf
- https://cdn.shopify.com/s/files/1/0431/5820/8674/files/kazebibiboguwixori.pdf
- https://cdn.shopify.com/s/files/1/0437/6412/1749/files/video_from_vimeo_password.pdf
- https://cdn.shopify.com/s/files/1/0429/1480/7974/files/44417128561.pdf
- https://cdn.shopify.com/s/files/1/0453/8921/7960/files/tugir.pdf
- https://cdn.shopify.com/s/files/1/0430/0292/1111/files/catecismo_menor_explicado.pdf
- https://cdn.shopify.com/s/files/1/0434/0659/0104/files/malubapori.pdf
- https://cdn.shopify.com/s/files/1/0434/7900/7398/files/gamestop_gta_5_ps4.pdf
- https://cdn.shopify.com/s/files/1/0430/4669/9165/files/adhyatma_ramayanam_tamil_free_download.pdf
- https://cdn.shopify.com/s/files/1/0435/6017/3717/files/password_safe_pro_full_apk.pdf
- https://cdn.shopify.com/s/files/1/0432/1234/1416/files/16270065589.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00004c50.binb4af3521b8884bfdea8f01b01252d0ba5d3d5787f7c78f22441e053912b54c76 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x4C50 | 4768 bytes |
font_01_sfnt_off00005ca6.bin5df41d6c3328edbce220a6cfc6fe7eab776d7dc7de8fed891c5e0f7d8e5e5962 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5CA6 | 9952 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.