MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a lure for a "free movie" which, upon clicking, redirects to a malicious URL. The PDF_MALICIOUS_REDIRECTOR_LINK heuristic confirms this redirection to known malicious infrastructure. Additionally, the PDF_SEO_LINK_FARM heuristic indicates the document is part of a larger scheme to generate traffic, likely for SEO manipulation or to distribute malware. The ML classifier also strongly flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.cc/pify?keyword=barfi+full+movie+free++in+mp4
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00007ff5.bin a631c294408baaa03e3863ec417fad3ed3d05ad780833465f06a330fcec9ae75 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7FF5 | 5068 bytes |
| font_01_sfnt_off00009126.bin 93ac8726772e1041869c74875f2c7e8397092f942f7b335062a2d0196c23e7e5 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9126 | 14820 bytes |