MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was flagged by multiple critical heuristics for containing malicious redirector links and a link farm. The embedded URL `https://ttraff.me/wix?keyword=haute+route+chamonix+zermatt+%25C3%25A9t%25C3%25A9+sans+guide` is identified as a malicious redirector. The document also contains a large number of links to shopify.com and static.usrfiles.com, many of which are likely part of a link farm to obscure the ultimate destination.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs:
- https://ttraff.me/wix?keyword=haute+route+chamonix+zermatt+%25C3%25A9t%25C3%25A9+sans+guide
- https://cdn.shopify.com/s/files/1/0430/7792/7072/files/61170209935.pdf
- https://cdn.shopify.com/s/files/1/0430/7995/8679/files/70124632171.pdf
- https://cdn.shopify.com/s/files/1/0434/0498/4474/files/72394183441.pdf
- https://cdn.shopify.com/s/files/1/0433/7994/9718/files/mewewesasa.pdf
- https://static.usrfiles.com/ugd/455f95_14d5f428b28d42cf8a1d67b4b5217793.pdf
- https://static.usrfiles.com/ugd/36f25b_b4ff133d3ee646acbacb074508421bcb.pdf
- https://static.usrfiles.com/ugd/913720_7a419d7fc8b347388548857a2d68df81.pdf
- https://static.usrfiles.com/ugd/b8c837_24841f9d180540919a1375c8fd60701a.pdf
- https://static.usrfiles.com/ugd/b8c837_bbb42eef0c7743daa41a1dd219d3782d.pdf
- https://static.usrfiles.com/ugd/e1c37d_ef4b7ab8317c456486bace2cf0fe4e0c.pdf
- https://static.usrfiles.com/ugd/2074c9_adb1a0c85625411fb8c6276ba3368066.pdf
- https://static.usrfiles.com/ugd/9f2514_d5b83f9e78764eabb9c3b1a5bca41737.pdf
- https://static.usrfiles.com/ugd/f103bb_3cd4cf27617a4c4883c1688439866ffc.pdf
- https://static.usrfiles.com/ugd/9cc572_846531787fda4dc5b2b7533f8d542ecb.pdf
- https://static.usrfiles.com/ugd/9d66c7_f3476e1bdadd4b4a938f0cf2a7f11bdb.pdf
- https://static.usrfiles.com/ugd/b8c837_cfc2266b12354d6bb593e96dbaea740c.pdf
- https://static.usrfiles.com/ugd/3f80ec_60d235f1d86e45fcbd6d0eae5badb1df.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000b0da.bin | f8b519678074e36fb58446131c875a18a702bdc0ecb865b6d2cedb6c068019fc | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB0DA | 5540 bytes |
| font_01_sfnt_off0000c347.bin | 918492dbf8064ac084b64c2578827e8c5d4a29ce0edffd4eeaacbaecb92ed2bf | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC347 | 12792 bytes |