MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1204.002 Malicious Link
The PDF was flagged as malicious due to a large number of embedded links, many of which point to a link farm hosted on Shopify. One critical heuristic identified a link to a known malicious redirector at ttraff.ru. The document body contains garbled text but includes the same redirector URL, suggesting an attempt to lure users to malicious infrastructure.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.ru/wb?keyword=ibanez%20chorus%20flanger%20cf7%20manual
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000044e2.bin (9d5c641b66e943a61d39ae3e93125781dc3a35389ed04726753fe838cb15b27d) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x44E2 | 5504 bytes |
| font_01_sfnt_off00005777.bin (5d8517fba5cb177d420655570fdcdb52262fecf3b541d7acf8e4ff0abfec7009) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5777 | 9752 bytes |