Verdict: MALICIOUS
Risk Score: 182
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF file contains a large number of embedded links, many of which point to disposable hosting or redirector infrastructure. The primary URL, https://ttraff.club/wix?keyword=find+the+slope+given+two+points+worksheet+doc, suggests a lure to trick users into downloading further content. The ML classifier strongly indicates maliciousness, and the link farm behavior is a common tactic for distributing malware or conducting phishing campaigns.
Machine Learning
- Nyx PDF Classifier malicious score 0.9970
Heuristics (4)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL: https://ttraff.club/wix?keyword=find+the+slope+given+two+points+worksheet+doc (in PDF document text)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000047f0.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x47F0 | 5296 bytes |

SHA-256: da24fea8234d9d100bb7c49598a9d18d391298a6b73e54948118cc1409f7ff48