MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.002 Malicious Link
A heuristic fired on a malicious redirector link in the PDF that directs users to 'https://ttraff.club/wix?keyword=bootstrap+4+admin+template+free+react'. The document body, though heavily obfuscated, contains this URL and also references 'static.usrfiles.com', which is part of a link farm. This suggests the document is designed to trick users into visiting a malicious site under the guise of providing free resources.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.club/wix?keyword=bootstrap+4+admin+template+free+react
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00007fb6.bin 320ad6dc3c486a1ce773242c290254b33a2bf7b3f5b9d6cff1c7038b47fabfde | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7FB6 | 5440 bytes |
| font_01_sfnt_off0000922a.bin a43fc47972c166c14bcf02015abb9d1b17adcc2fbaa86d3fc60a471b4e286b02 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x922A | 9984 bytes |