MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a significant number of embedded links, with a heuristic identifying a 'PDF SEO Link Farm' and another flagging a 'PDF Malicious Redirector Link'. The primary malicious URL identified is 'https://ttraff.me/wix?keyword=sonnetist+pack+2+answers+full'. The document body, though heavily obfuscated, contains this URL and appears to be a lure for users to click on the malicious links.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=sonnetist+pack+2+answers+full
- https://cdn.shopify.com/s/files/1/0428/1437/4054/files/73474293411.pdf
- https://cdn.shopify.com/s/files/1/0429/1756/0473/files/enchanting_guide_wow_8._2.pdf
- https://cdn.shopify.com/s/files/1/0434/5459/5224/files/7233064406.pdf
- https://cdn.shopify.com/s/files/1/0436/6240/9881/files/ritumuxibos.pdf
- https://c34dbf92-e033-4564-82e2-cf3fc9f2721b.filesusr.com/ugd/5de1df_f82c8f91b9c54dd08bd35865c39f8dfc.pdf?index=true
- https://e5bd2a94-17c1-4804-a6ab-ac52fe607eeb.filesusr.com/ugd/fedf23_9731ad7530f74b33bf9ea0bb12569d51.pdf?index=true
- https://6ad6b0ba-9df7-4b61-8057-6a5ce4ae6978.filesusr.com/ugd/5c9621_666fa6c13c9b41eabb30968b0e3ebd99.pdf?index=true
- https://475c3454-429f-4676-b905-9a18e31a348a.filesusr.com/ugd/8acad3_97964240267140bd874149f6ed2dacf1.pdf?index=true
- https://98ae8ebd-1a83-4c65-bb01-85b55d05fb49.filesusr.com/ugd/80fd5d_13fef9dd5ed84c409bf9109f7a881329.pdf?index=true
- https://93316412-6b65-4450-9f5c-1828a630f5ff.filesusr.com/ugd/7dd30d_30d82030313f45158b9acc8b453ef715.pdf?index=true
- https://2622017b-eb57-4142-8fca-835c510a7960.filesusr.com/ugd/3cb679_3a4595d7e70646458b8b4c29a4c59440.pdf?index=true
- https://cdn.shopify.com/s/files/1/0460/2504/8223/files/44647120253.pdf
- https://cdn.shopify.com/s/files/1/0429/0638/6595/files/jemigoxawogujap.pdf
- https://cdn.shopify.com/s/files/1/0431/6905/4886/files/reporting_car_accident_to_police.pdf
- https://cdn.shopify.com/s/files/1/0429/7474/0636/files/genukijewisejos.pdf
- https://cdn.shopify.com/s/files/1/0431/1030/1847/files/extended_euclidean_algorithm.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000065bc.binc02e78466ba0da582262c2c6cda1f6e6300c8a70625a5d0e804daf149cd2bd72 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x65BC | 5400 bytes |
font_01_sfnt_off00007844.bind8136700321600f711243291ae38c7384adcdc1724f0251ab5ceac431b44ec1f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7844 | 10192 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.