MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was flagged as malicious by a machine learning classifier and contains a significant number of embedded links. One of these links, 'https://ttraff.cc/wix?keyword=dc+unchained+guide', points to known malicious redirector infrastructure. The document body, though heavily obfuscated, also contains this URL and numerous other links hosted on Shopify, suggesting a link farm or SEO spam tactic.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.cc/wix?keyword=dc+unchained+guide
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006c13.bin (54898c534c065d2411b729bb72ed0a369adfb5f24106d22d11d9bf6838603cbb) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6C13 | 4892 bytes |
| font_01_sfnt_off00007cc2.bin (d949afc1f204e0cda47cda87195c79d6d16df52d220a2d027a021d67c7adbc05) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7CC2 | 10408 bytes |