MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a significant number of embedded links, identified as a link farm. One of these links, 'https://ttraff.cc/wix?keyword=minecraft+achievement+guide+ps4', points to known malicious redirector infrastructure. The document body, though heavily obfuscated, appears to contain keywords related to gaming, likely as a lure. The presence of a link farm and a malicious redirector suggests an attempt to drive traffic to malicious sites.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=minecraft+achievement+guide+ps4
- https://static.usrfiles.com/ugd/07ef24_f03290c3cc37417b829969ef3561d204.pdf
- https://static.usrfiles.com/ugd/e2b09b_6f5f014b4f4e4c758c0b378ae7a8d789.pdf
- https://static.usrfiles.com/ugd/bd5c68_2b6e9f2e7b98461a8a85fe606b876629.pdf
- https://static.usrfiles.com/ugd/93971e_32dc8cc3bb6e4a61840bb7cfca605c91.pdf
- https://static.usrfiles.com/ugd/dd4472_12248fc8d0f14386a69db4e84ee29e07.pdf
- https://static.usrfiles.com/ugd/374ce0_b00f823cf7b845a591b4602f2b7827b3.pdf
- https://static.usrfiles.com/ugd/b8c837_1293287e7e3a44c29aaaaa3d9496ddd4.pdf
- https://static.usrfiles.com/ugd/7baf93_9fef00679e5641928822da0df13126f5.pdf
- https://static.usrfiles.com/ugd/b8c837_d81b9089030945d886ddd7c35c0b34d2.pdf
- https://static.usrfiles.com/ugd/73c254_2b20ab7ba4f5410986aea21a9423a063.pdf
- https://cdn.shopify.com/s/files/1/0431/3831/8487/files/87989437464.pdf
- https://cdn.shopify.com/s/files/1/0430/9906/2421/files/berlin_alexanderplatz_roman.pdf
- https://cdn.shopify.com/s/files/1/0435/4464/1685/files/xulusadosubuledivoxaduz.pdf
- https://cdn.shopify.com/s/files/1/0433/9276/2017/files/23952191039.pdf
- https://static.usrfiles.com/ugd/45e30f_4efa051cd6cb47d7b25c1d9077843a1b.pdf
- https://static.usrfiles.com/ugd/b8c837_6065188ab8e34fb9ba84f9bcf177a299.pdf
- https://static.usrfiles.com/ugd/79e0dc_8663e84f0a174134a01476f219f70a39.pdf
- https://static.usrfiles.com/ugd/d5415a_c632efbebe4843499e53f08f724f5893.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000099b3.bin0f62581d6c81786e20edf7d4a6c96d98dcd241ce36924e7d426d7c8d0d924400 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x99B3 | 5692 bytes |
font_01_sfnt_off0000acfe.bin0d5f329d80c0391191f3298ea7469b60dc5dbb39f35a03416fdc8048ef25991f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xACFE | 10332 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.