MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.002 Malicious Link
The PDF contains a malicious redirector link pointing to 'https://ttraff.me/wix?keyword=kundan+bihari+ke+gana++mp4', which is flagged as a known malicious infrastructure. The document also exhibits characteristics of a link farm, with numerous embedded URLs, many pointing to Shopify-hosted PDFs. The ML classifier strongly indicated maliciousness, supporting the conclusion that this PDF is designed to lure users to malicious sites.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=kundan+bihari+ke+gana++mp4
- https://cdn.shopify.com/s/files/1/0435/5378/3957/files/49826406748.pdf
- https://cdn.shopify.com/s/files/1/0428/7044/0095/files/C3B6C49Fretmen_gC3B6zlem_formu_C3B6rneC49Fi.pdf
- https://cdn.shopify.com/s/files/1/0438/3296/7318/files/media_creation_tool_change_location.pdf
- https://cdn.shopify.com/s/files/1/0430/8992/0154/files/holland_career_test.pdf
- https://cdn.shopify.com/s/files/1/0432/5697/1432/files/2471781753.pdf
- https://cdn.shopify.com/s/files/1/0432/0781/9422/files/92576897820.pdf
- https://cdn.shopify.com/s/files/1/0431/4044/8410/files/palabras_basicas_en_ingles.pdf
- https://cdn.shopify.com/s/files/1/0428/6083/9079/files/41583564013.pdf
- https://static.usrfiles.com/ugd/6f7357_73b3f541c9bd4307a6fa4258d4fa1316.pdf
- https://static.usrfiles.com/ugd/fb5067_1096b25f391841d79e810532e76720b1.pdf
- https://static.usrfiles.com/ugd/0d9a50_0985dd7df7eb419588b6cda0b6569e64.pdf
- https://cdn.shopify.com/s/files/1/0436/3078/8758/files/wegerogurogizod.pdf
- https://cdn.shopify.com/s/files/1/0438/9827/3944/files/sanuwosiwubib.pdf
- https://cdn.shopify.com/s/files/1/0461/4455/3123/files/tp-link_pharos_cpe210_manual.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00004998.bin2b02bb029d0679d94ae5cc13376580b0b4ffd3fc15bbf03c5b647e366c117f41 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x4998 | 5424 bytes |
font_01_sfnt_off00005be2.bindc2ed86f8564398f572e56d8baf8240feda5694468a7078f4a00df95cbb05838 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5BE2 | 13308 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.