MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a malicious redirector link disguised as a motorcycle service manual. This link points to 'ttraff.me', which is known malicious infrastructure. The document also contains a large number of embedded PDF links, likely for SEO manipulation to increase visibility. The ML classifier strongly indicates maliciousness.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.me/wix?keyword=motorcycle+service+manual+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006352.bin 301adfedccd62eb67627727773da0e294df5b06e6aa63215fab0bdb5462badef | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6352 | 5468 bytes |
| font_01_sfnt_off000075f3.bin 770bcf85b3e41f6d6058e6660cfaa4aa7a3fa95492f0c7fd7b2bd38cae327a70 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x75F3 | 10336 bytes |