MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
A heuristic fired on a malicious redirector link in the PDF, pointing to 'https://ttraff.cc/wix?keyword=heavy+rain+pc+torrent'. This indicates a social engineering lure, likely aiming to trick users into downloading malware or visiting a malicious site. The document body, though heavily obfuscated, contains the same URL alongside other benign-looking PDF links, suggesting a link farm used for SEO poisoning or to mask the malicious redirector. The ML classifier also strongly flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier: malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.cc/wix?keyword=heavy+rain+pc+torrent
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006b62.bin 3df928a018f2cdfeb5134643afa5b5651c641a52b3064e30b25c13ce48a94607 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6B62 | 4840 bytes |
| font_01_sfnt_off00007be5.bin 3619c85fb77603e0d76ce0a6f754aa15c09e7115ce43dd3d781d6602fd3b02ac | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7BE5 | 3156 bytes |
| font_02_sfnt_off00008883.bin 353941777e2358a7f38958b7eda7c4ba149048e98dc1a2ecbd37b0f15a872aec | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8883 | 10796 bytes |