MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a large number of embedded links, many pointing to what appears to be a link farm hosted on Shopify. One prominent link, 'https://ttraff.com/pify?keyword=blitzer+college+algebra+pdf', is flagged as a malicious redirector. This suggests the document's primary purpose is to redirect users to malicious sites, likely for phishing or malware distribution. The ML classifier also strongly indicated maliciousness.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=blitzer+college+algebra+pdf
- http://files.kristindahlhomeloans.com/uploads/1/3/2/6/132695668/ziwituwesuxofiruf.pdf
- http://files.steepyourcuriositea.ca/uploads/1/3/0/7/130775223/vilisal.pdf
- http://files.rmmfoundation.org/uploads/1/3/1/3/131379971/mudugu.pdf
- http://files.carolinamunozparra.com/uploads/1/3/1/8/131856173/34d2f38d451.pdf
- http://files.annekawalker.com/uploads/1/3/2/7/132740352/sadixiva-vuzaxeri-gipowo-liwaka.pdf
- https://cdn.shopify.com/s/files/1/0430/7196/3296/files/70674390118.pdf
- https://cdn.shopify.com/s/files/1/0429/7634/6266/files/zijigajitetel.pdf
- https://cdn.shopify.com/s/files/1/0435/3202/6008/files/84516825556.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/84860081798.pdf
- https://cdn.shopify.com/s/files/1/0428/1656/9500/files/43512179021.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/3152232763.pdf
- https://cdn.shopify.com/s/files/1/0431/6761/3087/files/megetik.pdf
- https://cdn.shopify.com/s/files/1/0431/2861/9168/files/87141767125.pdf
- https://cdn.shopify.com/s/files/1/0432/3858/8584/files/71929045918.pdf
- https://cdn.shopify.com/s/files/1/0435/6043/5873/files/suvenovevowejevibagi.pdf
- https://cdn.shopify.com/s/files/1/0431/1089/1680/files/45096709022.pdf
- https://cdn.shopify.com/s/files/1/0428/8777/4374/files/dinonazaru.pdf
- https://cdn.shopify.com/s/files/1/0440/6578/3958/files/south_lomei_labyrinth.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00008a03.binbef78895009178a9e924030aa4f20e06d6c0176beba9ce2d5a772ac041ec329c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8A03 | 5384 bytes |
font_01_sfnt_off00009c6a.bin9595f9f0956292e6a9cadf40de624696338506925a1938d69fa6fb0ed0c0a3ec |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9C6A | 10724 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.