MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF document exhibits characteristics of a malicious redirector, with numerous embedded links pointing to a suspicious URL (ttraff.cc). The ML classifier strongly flagged this PDF as malicious. The document body, though heavily obfuscated, contains the primary redirector URL and a large number of links to static.usrfiles.com, suggesting a link farm designed to obscure the ultimate malicious destination.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (4)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.cc/wix?keyword=srdp+aufgabenpool+mathematik+formelsammlung
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006838.bin cb976c499b042943c621d92ee82ee5c49207f320e09996582a583c43ee69ca50 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6838 | 5764 bytes |
| font_01_sfnt_off00007ba2.bin 5eb6d62fdfaafdf087ec30e0560cdec10bd4b7813bc4268d95a5d016e56359dc | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7BA2 | 15512 bytes |