MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, many of which point to external resources. One critical heuristic firing indicates that the PDF links to known malicious redirector infrastructure, specifically 'https://ttraff.me/wix?keyword=henry+beaufort+school+ofsted+report'. This suggests the document is designed to redirect users to malicious sites, likely for phishing or malware distribution. The ML classifier also strongly flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=henry+beaufort+school+ofsted+report
- https://static.usrfiles.com/ugd/6c032c_1484dced49d34245b2235274fcd0582c.pdf
- https://static.usrfiles.com/ugd/64e449_b3f616d5a4ed4b27b4e79f81a680b91c.pdf
- https://static.usrfiles.com/ugd/7e84b7_aae3453be1e64a8b9ac9d1310da948aa.pdf
- https://static.usrfiles.com/ugd/162fe6_42ddf39380ea4069977f742072ac0eeb.pdf
- https://static.usrfiles.com/ugd/96a426_1f4bb2019e514cbda6f25e056d2fa258.pdf
- https://cdn.shopify.com/s/files/1/0433/9990/5429/files/pinuwenudo.pdf
- https://cdn.shopify.com/s/files/1/0429/5717/6986/files/13384640089.pdf
- https://cdn.shopify.com/s/files/1/0433/9938/1146/files/rulizolefesozipemedube.pdf
- https://cdn.shopify.com/s/files/1/0428/8905/2316/files/gamegivumuvinudof.pdf
- https://cdn.shopify.com/s/files/1/0430/7664/9121/files/android_alarmmanager_not_working_when_app_closed.pdf
- https://cdn.shopify.com/s/files/1/0437/8604/3541/files/najado.pdf
- https://cdn.shopify.com/s/files/1/0464/8216/1832/files/bedroom_eyes_movie_720p.pdf
- https://cdn.shopify.com/s/files/1/0431/6836/6760/files/1349262728.pdf
- https://cdn.shopify.com/s/files/1/0434/0695/0550/files/95284612725.pdf
- https://static.usrfiles.com/ugd/963627_ffb4db2f858345c58cca17af4d2f9479.pdf
- https://static.usrfiles.com/ugd/6c98bc_692ffb6a9c9546e2b6a0e4949dd233b3.pdf
- https://static.usrfiles.com/ugd/008e52_eea43fe8f9704010b068c0763d54cbea.pdf
- https://static.usrfiles.com/ugd/09c3c7_f484fa3969994e33831ed3837b519f5c.pdf
- https://static.usrfiles.com/ugd/3f4b99_6fda914927854d839520debfcf70e58e.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006a13.bina0619c74fa85b883c22be9f679c09faee0a12ba04f9b3aac4dd212c135760774 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6A13 | 5444 bytes |
font_01_sfnt_off00007c92.bin32739d3558e894bd4170539c95f4b6ab4b35eea05379437e1a7a1dc5e650dd98 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7C92 | 10368 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.