Malware Insights
The PDF was flagged by multiple critical heuristics for containing malicious redirector links and a large number of external PDF links, suggesting an SEO manipulation or link farm tactic. One of the embedded URLs, https://ttraff.me/wix?keyword=aqualand+eco+drive+citizen+manual, is identified as a malicious redirector. The ML classifier also strongly indicated maliciousness. No scripts were extracted, but the sheer volume of links and the redirector heuristic point to a malicious intent to lure users to external, potentially harmful, content.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.me/wix?keyword=aqualand+eco+drive+citizen+manual
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000522c.bin a9312590107a8334b1d652ccdeb6232d676ae4ac6da2c703d77fb05e5afb8a75 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x522C | 5132 bytes |
| font_01_sfnt_off00006398.bin c1ca9382ff2401614d78a8199dda3c197dd2a34b5a64668da5ee691e1d5790fb | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6398 | 13932 bytes |