MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF document was flagged as malicious due to its inclusion of a link farm pointing to a known malicious redirector. The document body contains obfuscated text and multiple URLs, including the primary malicious redirector URL. The heuristic PDF_MALICIOUS_REDIRECTOR_LINK specifically identifies the threat, and the ML_NYX_PDF_MALICIOUS model strongly supports this classification. The primary purpose appears to be directing users to malicious content via the ttraff.com domain.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=fybsc+botany+textbook+pdf
- http://wikuwep.heatherleephoto.com/uploads/1/3/2/6/132681670/1e09e8034f2e2b8.pdf
- http://files.paintrollersplus.net/uploads/1/3/1/4/131406892/7564200.pdf
- http://files.ansonexresources.com/uploads/1/3/0/7/130776499/bokipug_mugiwe_zewezuxo.pdf
- https://cdn.shopify.com/s/files/1/0436/2698/7680/files/kuregolaboduwabetugutub.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/53940500656.pdf
- https://cdn.shopify.com/s/files/1/0437/5959/9765/files/51575487268.pdf
- https://cdn.shopify.com/s/files/1/0432/2613/6743/files/jujuvakosupudope.pdf
- https://cdn.shopify.com/s/files/1/0427/7485/5846/files/41983698632.pdf
- https://cdn.shopify.com/s/files/1/0428/7250/4483/files/68115545637.pdf
- https://cdn.shopify.com/s/files/1/0434/2287/5797/files/story_elements_worksheet_grade_2.pdf
- https://cdn.shopify.com/s/files/1/0431/6938/2568/files/classical_approach_to_management.pdf
- https://cdn.shopify.com/s/files/1/0427/8750/4294/files/basic_accounting_cycle.pdf
- https://cdn.shopify.com/s/files/1/0430/9617/8845/files/nimuwesulodevazeg.pdf
- https://cdn.shopify.com/s/files/1/0429/9715/3943/files/fidotok.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005f6c.binebbb6011bf88dd7872aa4306fd59b670a8262f8617f3dc74dc3189c98303cc2a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5F6C | 5352 bytes |
font_01_sfnt_off000071c6.bina0f5a8dfeaa0bb6dc0effbaf73f2996d6fa971a09dbb121d521afc971fdcd47e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x71C6 | 3204 bytes |
font_02_sfnt_off00007eb9.bin5e067315a2bd9524b6254977960f062bb129990ed69868068e29b4596197f3c8 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7EB9 | 2320 bytes |
font_03_sfnt_off0000890c.bin391bb3418555f73898444c9d6b23de89f02a6b36e5ddbd38c3ccba962774c224 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x890C | 11464 bytes |
font_04_sfnt_off0000ae8c.bina349519ccbdbca3d75704c2becf615ab37801eb1543272228454131dceb83acc |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xAE8C | 16224 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.