MALICIOUS
Risk Score: 172
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF is identified as an image-only lure, typical of phishing campaigns. A critical heuristic fired for a malicious redirector link, which points to a URL designed to lead users to further malicious content. The document body, though heavily obfuscated, contains the same redirector URL and other PDF links, suggesting a link farm used for SEO poisoning or distributing malware.
Machine Learning
- Nyx PDF Classifier malicious score 0.9972
Heuristics (4)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Image-only document with action trigger (screenshot lure) (medium, PDF_IMAGE_LURE): PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 16 KB: the typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.link/123?keyword=minecraft+forge+installation+instructions