Verdict: MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a heuristic firing for PDF_MALICIOUS_REDIRECTOR_LINK, indicating it directs users to a known malicious URL. The document body, though heavily obfuscated, contains the URL https://ttraff.com/wix?keyword=hydrochloric+acid+safety+data+sheets, which is likely intended to host malicious content or further redirects. The PDF also contains a large number of embedded links to other PDFs, flagged by PDF_SEO_LINK_FARM, suggesting a link farm or SEO poisoning tactic to distribute malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.com/wix?keyword=hydrochloric+acid+safety+data+sheets
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000696b.bin | 80e191ee634efd9c5d12a3219f7fc410b325d823c67b1accb40296bb26dbd8a3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x696B | 4856 bytes |
| font_01_sfnt_off000079fc.bin | 74bfd5cc75dfab9a85f0962555cec7ea6613a013182e3902e251c70105eeb8c6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x79FC | 10136 bytes |
| font_02_sfnt_off00009caa.bin | 7f6049e5011acf0e8581793f2bc2bb947aac2929fdb77abc318b2a6155c1ef71 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9CAA | 4324 bytes |