MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was flagged by multiple critical heuristics for containing malicious redirector links and a large number of external links, indicating a link farm. The primary malicious URL identified is https://ttraff.cc/wix?keyword=free++cartoon+beer+glass, which likely serves as a redirector to further malicious content. The document body, though heavily corrupted, contains references to this URL and other PDF files hosted on static.usrfiles.com, reinforcing the link farm tactic.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=free++cartoon+beer+glass
- https://static.usrfiles.com/ugd/b8c837_807607779fc04239a6a21bfcf431a1df.pdf
- https://static.usrfiles.com/ugd/6cfc61_5eb3106247a943249602cb2659c42b5c.pdf
- https://static.usrfiles.com/ugd/b42fd6_f5a9d36f50904c37ad38c14a96a78544.pdf
- https://static.usrfiles.com/ugd/10e3af_a66cf365daa74a5ab6fd026c6f74107b.pdf
- https://static.usrfiles.com/ugd/12dc78_2d3947549a1d457daa93a0ca57f53808.pdf
- https://static.usrfiles.com/ugd/b8c837_762b6dbac868490a9eb1d82683b1ecc1.pdf
- https://static.usrfiles.com/ugd/55f640_d4f1e7d6e113458aa326b2d580f08a72.pdf
- https://static.usrfiles.com/ugd/de3d83_c61265f90e0249389d981f8072dd0fd4.pdf
- https://static.usrfiles.com/ugd/ab0441_0e302b03a3cd43169cc033fc1655c20d.pdf
- https://cdn.shopify.com/s/files/1/0435/5283/3695/files/9356527350.pdf
- https://cdn.shopify.com/s/files/1/0428/8859/3571/files/tawitafuwotokovupi.pdf
- https://cdn.shopify.com/s/files/1/0431/5702/9018/files/dxpxox_dad_xname__x.pdf
- https://cdn.shopify.com/s/files/1/0431/9795/6258/files/8071133786.pdf
- https://cdn.shopify.com/s/files/1/0438/3696/5026/files/kafaxilo.pdf
- https://cdn.shopify.com/s/files/1/0432/7938/4736/files/38896422025.pdf
- https://cdn.shopify.com/s/files/1/0459/7311/0951/files/6687912353.pdf
- https://cdn.shopify.com/s/files/1/0437/2388/2664/files/kawegiwelirodokisaxus.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00004e8b.bind8b86f8ff0fc4aad718989c4be8178bf48ade01c4248a58153342152cfa1ed99 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x4E8B | 5060 bytes |
font_01_sfnt_off00005fd2.bind46686f5b8eac7e9128c3297fdcfc0bed847fac573ad99331ff55ff016248d9b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5FD2 | 12872 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.