MALICIOUS
232
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains numerous links designed to appear as search results or legitimate documents, but they redirect to malicious infrastructure. Specifically, the link 'https://ttraff.com/wix?keyword=fedders+window+air+conditioner+replacement+parts' is identified as a malicious redirector. This pattern suggests an attempt to lure users into clicking malicious links, likely for phishing or to download further malware.
Machine Learning
- Nyx PDF Classifier malicious score 0.9985
Heuristics 5
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
PDF link to algorithmically-generated URL high PDF_RANDOM_URL_LINKPDF contains a clickable HTTP(S) link whose host looks algorithmically generated (pronounceable-random labels) and whose path/query carries a long high-entropy token. This is the randomized-redirector pattern of malspam phishing lures — the visible document is only a prompt — not a PDF parser vulnerability.
-
Image lure linking to an SEO redirector (free-download phishing) high PDF_SEO_UTM_REDIRECTOR_LINKPDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=fedders+window+air+conditioner+replacement+parts In PDF document text
- http://rumun.privatecounsellingandmediation.com/uploads/1/3/0/7/130775565/6f575.pdfIn PDF document text
- http://vipowoxoz.pioneervalleykennelclub.com/uploads/1/3/2/3/132302842/zonadonan-kotemafidu-komolibur.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://static.usrfiles.com/ugd/b28ae2_b7cbeb096977489a8f0c1584f99bdb72.pdfIn PDF document text
- https://static.usrfiles.com/ugd/97368a_3d685c8de3d8422a8ee1746597fe6d30.pdfIn PDF document text
- https://static.usrfiles.com/ugd/4c76bf_a4cae0fcc1c6426e86ec1e03290885e2.pdfIn PDF document text
- https://static.usrfiles.com/ugd/418e76_8959b7e1321142c8b53db5c6dc86cd72.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0429/8758/5699/files/kanobasuvipujavowiredupaf.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0438/7844/9307/files/cracked_minecraft_1._14._2.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0435/0771/2155/files/99468484792.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0440/2846/1206/files/maplestory_4th_job_advancement_level.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0433/4272/5275/files/estilo_apa_bibliografia.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0438/9113/0536/files/r_statistical_software.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0432/3095/3630/files/wisufid.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0438/9113/0536/files/gastroenteritis_akut_idai.pdfIn PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00004871.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x4871 | 5052 bytes |
SHA-256: 092db1cf6a923a0e55279d4990ac1d8d95c6635b6485ae4351a6cc3f034fb002 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.