MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a mass of external links, including a critical redirector URL, indicating a link farm or phishing attempt. The ML classifier strongly flagged this PDF as malicious. The primary malicious indicator is the redirector URL, which likely leads to a malicious payload or phishing page.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/wix?keyword=merry+tiller+scotsman+manual
- https://cd02f6a8-b2ae-4b34-8b4f-df49ed704b04.filesusr.com/ugd/93c935_c564a5e09f6b4f3b890d7a1987139156.pdf?index=true
- https://04991caf-c201-4cfb-a5c5-21cb7ecd60a5.filesusr.com/ugd/b91566_673ef45b386743b2a2c697474a799470.pdf?index=true
- https://ec718488-5532-427c-88e4-4df7bacb90bb.filesusr.com/ugd/22739b_8466bb710d364823a8e33a650b0397f6.pdf?index=true
- https://efdac8d4-fcdd-41b7-b0be-86eb0b26aabf.filesusr.com/ugd/b56239_b2981dd434b2452ca85518ebde6c874b.pdf?index=true
- https://0824c5ae-7202-41a3-b45e-878272ee46cc.filesusr.com/ugd/9df9d6_9d96cd66b1014858825a812560e0354f.pdf?index=true
- https://cdn.shopify.com/s/files/1/0431/4651/0497/files/mckinsey_problem_solving_test_download.pdf
- https://cdn.shopify.com/s/files/1/0430/2936/4885/files/boris_johnson_eu_brexit_deal.pdf
- https://cdn.shopify.com/s/files/1/0430/0141/3795/files/93115392006.pdf
- https://cdn.shopify.com/s/files/1/0431/0335/5034/files/51353052204.pdf
- https://cdn.shopify.com/s/files/1/0431/7783/6702/files/28362191247.pdf
- https://de8a1f30-3f6d-4b4d-86fe-35bcb431cab9.filesusr.com/ugd/7c1f05_6440f138c736480b9f72bb083c6085c5.pdf?index=true
- https://2fb25829-4972-4849-a952-6eb667df3e25.filesusr.com/ugd/98857b_701c4cee5b6940d0b6f04a9494804b42.pdf?index=true
- https://3161dafd-f7e6-437c-a3f2-d6df8533b68c.filesusr.com/ugd/93c935_abe14a92405d495c9a8a1d99d868b63b.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005628.bin5ad983ba64ce975da3aeac6ae0d5809cb491e18923e3917ddcc65db46c214a15 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5628 | 5052 bytes |
font_01_sfnt_off0000674f.bin56581d12d16bbd5fba369d9af7c7bd3f01345fb0cd852b650e6307dbcf924bf6 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x674F | 10452 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.