MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was flagged by multiple critical heuristics for containing malicious redirector links and a large external PDF link farm. The primary malicious URL identified is ttraff.com, which is linked to a keyword search. The document body contains garbled text but also includes the malicious URL and several benign-looking Shopify URLs, suggesting a deceptive lure. The ML classifier also strongly indicated maliciousness.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=cake+walk+game+printable
- http://kolivat.belab-eurachem2016.com/uploads/1/3/0/8/130813668/6347893.pdf
- http://files.turntothework.net/uploads/1/3/1/3/131381288/busezetazor_subib_fusofekob_tefafakulolekap.pdf
- https://cdn.shopify.com/s/files/1/0432/0978/5512/files/cisco_networking_essentials.pdf
- https://cdn.shopify.com/s/files/1/0435/4929/4756/files/autodesk_revit_basics.pdf
- https://cdn.shopify.com/s/files/1/0439/2773/2379/files/ignou_mcom_assignment_2020_19_solved_guffo.pdf
- https://cdn.shopify.com/s/files/1/0434/7029/1096/files/volkswagen_jetta_service_manual.pdf
- https://cdn.shopify.com/s/files/1/0431/0230/6468/files/21383957924.pdf
- https://cdn.shopify.com/s/files/1/0435/3966/0954/files/catalogue_schneider_2020_en_francais.pdf
- https://cdn.shopify.com/s/files/1/0428/3914/6662/files/66393194156.pdf
- https://cdn.shopify.com/s/files/1/0460/1158/0577/files/osrs_surprise_exam_answers.pdf
- https://cdn.shopify.com/s/files/1/0439/0905/4619/files/retozilarelu.pdf
- https://9e24f20d-c7fb-4bc8-ba0c-593529ace43f.filesusr.com/ugd/b81754_b5eeb91100fe4ab9a793198fbeb8cdbf.pdf?index=true
- https://1d2f6abd-f036-457f-a920-ae901a46d81d.filesusr.com/ugd/8ba634_ce8d22c56d20412184bba7b4d141fc16.pdf?index=true
- https://443a664d-5d62-4700-afb8-cb65f7b79794.filesusr.com/ugd/a32c20_829bbbd0ffbb45a3ad3fe9b710b5a5d0.pdf?index=true
- https://ab34fc3c-9526-47d4-ad82-62e9d79fa09c.filesusr.com/ugd/d4579c_00f20aba586d4feea83dc338df7d2ec5.pdf?index=true
- https://8c6da19c-edb2-4673-bd95-be0edcb7e044.filesusr.com/ugd/5a4aad_cbe8057b6df745e4acedb8d2261dc011.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000635a.bindcb90481e411d9987b7d732fb9c6b1ef5765295b582a5faea00ff4c5ebec7ab8 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x635A | 5164 bytes |
font_01_sfnt_off000074e4.bine93a33c6504d1dca35b8f4a2b6e7f259da7c270639966c544461b32a64571fb7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x74E4 | 10340 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.