MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was flagged as malicious due to embedded links pointing to known malicious redirector infrastructure. The primary malicious URL identified is https://ttraff.ru/pify?keyword=surat+yasin+dan+tahlil+arab+pdf. The document body contains garbled text and embedded URLs, suggesting it is designed to lure users into clicking the malicious link, potentially leading to a phishing or malware download site.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=surat+yasin+dan+tahlil+arab+pdf
- http://files.lifecycleaquatics.com/uploads/1/3/0/9/130969505/4747252.pdf
- http://files.rootedaltarministries.org/uploads/1/3/1/4/131437535/16f351e.pdf
- http://files.jlongkandb.co.uk/uploads/1/3/1/6/131606368/da1337258866eff.pdf
- http://files.leap-of-faith.blog/uploads/1/3/0/8/130813317/205877.pdf
- http://files.mrsoneyscomputerlab.com/uploads/1/3/1/0/131070113/zevakugi.pdf
- https://cdn.shopify.com/s/files/1/0434/5063/0296/files/sibozaxipibenosuzone.pdf
- https://cdn.shopify.com/s/files/1/0434/3165/7621/files/tufuxajexaralamuzedapexip.pdf
- https://cdn.shopify.com/s/files/1/0431/9281/1681/files/25958050779.pdf
- https://cdn.shopify.com/s/files/1/0431/2036/1629/files/1864217869.pdf
- https://cdn.shopify.com/s/files/1/0429/9977/5381/files/52553042522.pdf
- https://cdn.shopify.com/s/files/1/0429/9600/7065/files/57013982046.pdf
- https://cdn.shopify.com/s/files/1/0429/4197/2636/files/bankersadda_hindu_di.pdf
- https://cdn.shopify.com/s/files/1/0437/0743/3125/files/53759905563.pdf
- https://cdn.shopify.com/s/files/1/0433/3161/6923/files/ielts_writing_task_2_sample_answer_band_8.pdf
- https://cdn.shopify.com/s/files/1/0437/5432/4117/files/71645179136.pdf
- https://cdn.shopify.com/s/files/1/0431/6885/8280/files/50809948562.pdf
- https://cdn.shopify.com/s/files/1/0437/5085/0714/files/60214179318.pdf
- https://cdn.shopify.com/s/files/1/0431/6954/6395/files/soromumewasofawujigofag.pdf
- https://cdn.shopify.com/s/files/1/0436/0473/8206/files/dipakikulewefamezigop.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_005_off0001a57b.binef2717e3b74151f29f91f6c9320721e70b6291fec87310d781824f858cdf274b |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1A57B | 33392 bytes |
font_00_sfnt_off00016fa4.binefadc52a8da34812554045db873dbe75ca112f508a5453610c1d1756584c727c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x16FA4 | 5476 bytes |
font_01_sfnt_off00018237.binc154a5d6795264edf779658b0baadaf466043df7688e58c1a84c5c51ab2ecee7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x18237 | 10328 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.