Verdict: MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1204.002 Malicious Link
The PDF file contains a heuristic firing for a malicious redirector link, pointing to 'https://ttraff.ru/pify?keyword=cd+template+label'. Additionally, it exhibits characteristics of a PDF link farm, with numerous embedded URLs, many hosted on static.usrfiles.com. The document body text, though heavily obfuscated, contains the string 'Cd template label', suggesting a lure. The primary malicious IOC is the redirector URL, which is likely used to funnel victims to a phishing or scam site.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.ru/pify?keyword=cd+template+label
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00006992.bin | 228118fdfa7808488f1cc6e55cbae55d2389bfdce26c83d40726817b68652478 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6992 | 4876 bytes |
| font_01_sfnt_off00007a07.bin | 75b8bd2ab5f622e8f550172e3975a7b2ee779766763cbe30d8c94a0c80170a7e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7A07 | 14760 bytes |