MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a malicious redirector link disguised as information about 'Boston college summer programs abroad'. This link, 'https://ttraff.cc/pify?keyword=boston+college+summer+programs+abroad', is designed to lead users to further malicious infrastructure. The presence of a mass external PDF link farm further indicates a malicious intent to distribute or redirect users to potentially harmful content.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.cc/pify?keyword=boston+college+summer+programs+abroad
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000715b.bin 186868d84fbfedad7531b188b404c3a3b432ca1f20ffa87947593a18f5dfc6d3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x715B | 5584 bytes |
| font_01_sfnt_off00008439.bin 3229a0cc8a200856c1536d3d8a4226d4b67809134a2b4d1298b3774328cf4d31 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8439 | 10844 bytes |