MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF file contains a large number of embedded links, many of which point to benign-looking PDFs hosted on Shopify. However, one critical link redirects to `https://gettraff.ru/strik?keyword=jumanji+movie+parent+guide`, which is flagged as malicious redirector infrastructure. This suggests a tactic to obscure the final malicious destination by using a link farm, likely intended to trick users into clicking through to a phishing or malware distribution site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9992
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, `PDF_MALICIOUS_REDIRECTOR_LINK`): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, `PDF_SEO_LINK_FARM`): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, `EMBEDDED_URL`): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: `https://gettraff.ru/strik?keyword=jumanji+movie+parent+guide`
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000074ea.bin `d512b1dba4ee8a64f1f313686b050f65a351b15de94ffdea721f46ad538eadb0` | pdf-font-stream | PDF embedded font (sfnt) at offset 0x74EA | 5196 bytes |