MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF document contains a heuristic firing for PDF_MALICIOUS_REDIRECTOR_LINK, indicating it points to known malicious infrastructure. Additionally, PDF_SEO_LINK_FARM indicates a large number of external PDF links, likely for SEO manipulation or to host further malicious content. The embedded URL https://ttraff.cc/wix?keyword=unity+admob+android+manifest is the primary indicator of malicious redirection.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=unity+admob+android+manifest
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://static.usrfiles.com/ugd/6f58fb_ac99014cbbde476b81541fd420148aa0.pdf
- https://static.usrfiles.com/ugd/6f58fb_9e1e2015636a421b98b6fa57a4fec3f0.pdf
- https://static.usrfiles.com/ugd/b8c837_d1d7f7b7a9fa4410bb39b8d6906269d2.pdf
- https://static.usrfiles.com/ugd/b8c837_39b62fde182245a490cdfdb8545c9830.pdf
- https://static.usrfiles.com/ugd/b8c837_a89861ec2d0148a5bc7c1a34fe376d43.pdf
- https://static.usrfiles.com/ugd/575363_a913be97737741918da6fa798f426ff6.pdf
- https://static.usrfiles.com/ugd/43d598_b7426500e8e1497e9419441b4d62bccd.pdf
- https://static.usrfiles.com/ugd/2c8d66_cc964b5db0e247368b741c7055380184.pdf
- https://static.usrfiles.com/ugd/be19e1_15e7ffaf71eb4594b5f0f8a42e5e2507.pdf
- https://static.usrfiles.com/ugd/b8c837_93879a5317f44462a68c02a82ce7a5da.pdf
- https://static.usrfiles.com/ugd/ea78e0_f6359848a4d84f3d9d2bb761475ec9f8.pdf
- https://static.usrfiles.com/ugd/b8c837_4ba0a978e0bb41e2972748cc6b0578d4.pdf
- https://static.usrfiles.com/ugd/b8c837_34adb5eaa6b245c2b452b7330120860a.pdf
- https://static.usrfiles.com/ugd/b8c837_06be2f7c8e9b444bb602d682ebe931fd.pdf
- https://static.usrfiles.com/ugd/aff7ca_4e10ed5665e24cf8b054498d56d4ee34.pdf
- https://static.usrfiles.com/ugd/238140_5abe625a08c2407baf15f827b172115d.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006833.binb81dd07f17d0f08c0c9904c3637c4300d4507a8c9af55d4b493876f525252f24 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6833 | 5256 bytes |
font_01_sfnt_off000079fe.bind9c562bcb59eef1d688422557d8f21a4a70be9819aae997f2313d5aa4154e323 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x79FE | 12068 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.