MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a link to a known malicious redirector, ttraff.cc, which is likely used to deliver further malicious content. The document body, though heavily obfuscated, contains the same lure text as the malicious URL, suggesting a social engineering attempt. The presence of numerous links to Shopify and static.usrfiles.com domains indicates a link farm strategy to improve search engine ranking for the lure, which is a common tactic for SEO poisoning. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.cc/wix?keyword=making+traditional+wooden+planes+download
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00004dea.bin c716d914ef74a6e619b36af63a5c8563951a3b829a65db73f953cf0fca42688e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4DEA | 5288 bytes |
| font_01_sfnt_off00006005.bin 74474e61563c8fb0190d3e7a2be79e0a4e30564c7b02ef3d42a3aef5a400ad49 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6005 | 9624 bytes |