MALICIOUS
142
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a malicious redirector link pointing to 'ttraff.ru', which is associated with known malicious infrastructure. The document body and heuristics indicate an advance-fee scam lure, likely aiming to trick users into downloading a malicious file disguised as a PDF. The ML classifier also flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 0.9752
Heuristics 5
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Advance-fee lottery/parcel scam lure high SE_ADVANCE_FEE_SCAM_LUREDocument contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
-
Urgency / deadline lure low SE_URGENCY_LUREDocument contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=zweihander+rpg+pdf+download
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://static.usrfiles.com/ugd/b8c837_a0d94ff95558444b8022f497068e32ae.pdf
- https://static.usrfiles.com/ugd/b8c837_683f2d2acf5a4d01bc396865a5358437.pdf
- https://static.usrfiles.com/ugd/73cb9e_a72e9f5ba2054c1089477f406f34e666.pdf
- https://cdn.shopify.com/s/files/1/0441/1441/1672/files/62889423216.pdf
- https://cdn.shopify.com/s/files/1/0431/7757/4551/files/11105671725.pdf
- https://cdn.shopify.com/s/files/1/0434/2897/0647/files/oxford_student_s_thesaurus.pdf
- https://static.usrfiles.com/ugd/6116da_da65dd5fc15144349c8ae573c0b1be5d.pdf
- https://static.usrfiles.com/ugd/b11f6d_92b1c03c326d4ce2a3c6e5ab4213ea42.pdf
- https://static.usrfiles.com/ugd/b8c837_cc272b27e15f4de58af9a9a24f09f596.pdf
- https://static.usrfiles.com/ugd/b8c837_53aab9d6d5c14b72a94ac2b9ac3f740e.pdf
- https://static.usrfiles.com/ugd/c3f88d_ada5f883adc24ea49eb8ff866fa674ad.pdf
- https://cdn.shopify.com/s/files/1/0431/5476/8021/files/90256384640.pdf
- https://cdn.shopify.com/s/files/1/0430/7353/6149/files/10277719098.pdf
- https://cdn.shopify.com/s/files/1/0435/1141/4939/files/72212492880.pdf
- https://cdn.shopify.com/s/files/1/0431/3517/2770/files/antisocial_personality_disorder_questionnaire.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00072bb7.bina41cc7cf3536bd7b8072d2d64a75994076b298719762256e479cd7cabface947 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x72BB7 | 5172 bytes |
font_01_sfnt_off00073d5c.binc966c4551f88a1bea7eded6b2f3413a9e25bc49fc8cb7c4e3668d7932eeae7b1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x73D5C | 13776 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.