MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a link to a known malicious redirector, identified as 'ttraff.cc'. The document body, though heavily obfuscated, contains text that appears to be a lure related to a 'monster guide', suggesting a social engineering pretext. The ML classifier also strongly indicated maliciousness.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.cc/wix?keyword=ff13-2+monster+guide
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00042276.bin 260a3cc21717ac1a1cf17a0fa1e13ef4c29644df3bec771f306ed3e888b69b9c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x42276 | 5320 bytes |
| font_01_sfnt_off0004348c.bin 5e4cfa177754fee65f4e0995d993b2058607d282d69886c32440b04efee774fe | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4348C | 17236 bytes |