MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.001 Malicious Link
T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'https://ttraff.ru/wix?keyword=astm+a240+vs+a276'. This indicates the document's primary purpose is to lure the user to a malicious site. The PDF also contains a large number of embedded links, suggesting a link farm or SEO poisoning tactic to increase visibility. The ML classifier strongly flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=astm+a240+vs+a276
- https://cdn.shopify.com/s/files/1/0447/0921/6409/files/causative_have_advanced_exercises.pdf
- https://cdn.shopify.com/s/files/1/0430/0010/3073/files/97661113851.pdf
- https://cdn.shopify.com/s/files/1/0430/6694/9799/files/the_eminence_in_shadow_raw.pdf
- https://cdn.shopify.com/s/files/1/0437/6782/4533/files/42635597834.pdf
- https://cdn.shopify.com/s/files/1/0431/5460/4198/files/59906830217.pdf
- https://cdn.shopify.com/s/files/1/0432/5530/0249/files/recursive_palindrome_java.pdf
- https://cdn.shopify.com/s/files/1/0447/5237/1863/files/50964719522.pdf
- https://cdn.shopify.com/s/files/1/0441/0333/6088/files/to_zanarkand_guitar_tab.pdf
- https://static.usrfiles.com/ugd/0dd040_c31de9774a8747e29d52013e3d49e297.pdf
- https://static.usrfiles.com/ugd/8b97dd_03c62332808a45fd85187f5d67fffeb5.pdf
- https://static.usrfiles.com/ugd/b8c837_de660deea5814e5d910bc7ff0c08474d.pdf
- https://static.usrfiles.com/ugd/cbdbb6_f4b0648d4f0543378a184e28f19ff318.pdf
- https://static.usrfiles.com/ugd/b8c837_feea9c8c46c14084a1ed97d141a35646.pdf
- https://static.usrfiles.com/ugd/b8c837_1cca151932c04f19ba94db3104cbf18e.pdf
- https://static.usrfiles.com/ugd/b8c837_ba65e87fb41747d7a4e1e8e7989b9ad4.pdf
- https://static.usrfiles.com/ugd/b8c837_bf320dace5ef4899b94c0e7b89ca9479.pdf
- https://static.usrfiles.com/ugd/dfb5f8_f37bcfaf1cc04e52b32fbb7a13f3d84c.pdf
- https://static.usrfiles.com/ugd/b8c837_9083d8142d3d4032a29129d32455429d.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0001291a.bin8020be71f36943cf48627947f90a66feb1849b24dfebe9b5ce0af8ec74a341cd |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1291A | 4752 bytes |
font_01_sfnt_off0001393f.binbeb2e4d2f96338b0e200db501bec5ea91c466a52376fb6c3523c2b87ca28e0c1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1393F | 15712 bytes |
font_02_sfnt_off00016996.bin7f6049e5011acf0e8581793f2bc2bb947aac2929fdb77abc318b2a6155c1ef71 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x16996 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.