MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a critical heuristic firing for a malicious redirector link, which points to the URL https://ttraff.cc/wix?keyword=2007+dodge+charger+repair+manual+free. The document body, though heavily obfuscated, contains text related to a '2007 dodge charger repair manual free', suggesting a lure to disguise the malicious intent. The presence of numerous other PDF links, many hosted on cdn.shopify.com, indicates a link farm strategy, likely for SEO poisoning or distributing further malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=2007+dodge+charger+repair+manual+free
- https://cdn.shopify.com/s/files/1/0432/3095/3630/files/clausing_drill_press.pdf
- https://cdn.shopify.com/s/files/1/0429/7592/0282/files/mupizasiwodijimulima.pdf
- https://cdn.shopify.com/s/files/1/0432/4117/7256/files/math_worksheets_grade_1.pdf
- https://cdn.shopify.com/s/files/1/0436/3635/9326/files/anesthesia_drug_doses.pdf
- https://cdn.shopify.com/s/files/1/0429/8165/4679/files/26613104980.pdf
- https://cdn.shopify.com/s/files/1/0427/9376/2975/files/befapidopesuvixavu.pdf
- https://cdn.shopify.com/s/files/1/0435/3346/7807/files/tnpsc_group_4_aptitude_questions_and_answers_in_tamil_pdf.pdf
- https://cdn.shopify.com/s/files/1/0428/8331/7926/files/93098915246.pdf
- https://cdn.shopify.com/s/files/1/0431/2278/6466/files/adobe_after_effects_cc_tutorial.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/65028435792.pdf
- https://static.usrfiles.com/ugd/40b9e6_6f89aac47e72425b88caa95fd7f10012.pdf
- https://static.usrfiles.com/ugd/3e0cb9_c41c2974c2de42a8bb06946eb19adf3b.pdf
- https://static.usrfiles.com/ugd/4bdc6d_98d6ca50d64940e782482330fbe922af.pdf
- https://static.usrfiles.com/ugd/271e65_0b55c1dad5e04581a92e6cd17f617c3a.pdf
- https://static.usrfiles.com/ugd/4ae4db_fbf81dc5a18b4bb0bd482bfbe4d2badb.pdf
- https://static.usrfiles.com/ugd/d01287_8d1372abbb184b1ea90cdb78fb38e295.pdf
- https://static.usrfiles.com/ugd/d63aaf_2fbd64d4539d4b7fbd1cb24ee8576cc4.pdf
- https://static.usrfiles.com/ugd/b8c837_9d16334cbd504f07885b21c2dfbbde00.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006d81.binecd10499c61a50e457c35b04606080ce6d37296ca3deeae1ddd1141ce9b6eed3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6D81 | 5652 bytes |
font_01_sfnt_off0000809c.binab71af449c82c667effe5786a930c4a842a8dd12daa991f1c822c44dd50af132 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x809C | 10464 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.