Verdict: MALICIOUS (Risk Score 150)
Malware Insights
MITRE ATT&CK
T1566.002 Phishing: Spearphishing Link
T1204.002 User Execution: Malicious File
The PDF was flagged by two critical heuristics: it carries a clickable link to malicious redirector infrastructure, and it contains an unusually large number of external PDF links for its size, which matches a generated link farm. The primary malicious URL is 'https://ttraff.cc/wb?keyword=neo%20gamers%20cafe', a known malicious redirector. The document body, although heavily obfuscated, also contains this URL together with numerous other PDF links hosted on cdn.shopify.com and on per-site *.filesusr.com subdomains. Taken together this is consistent with an SEO/link-farm carrier that routes users into unwanted-software delivery chains through user interaction and redirect chains, rather than with a document that exploits a PDF reader vulnerability.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (3)
- PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URLs extracted:
- https://ttraff.cc/wb?keyword=neo%20gamers%20cafe
- https://cdn.shopify.com/s/files/1/0431/3009/3728/files/xuteganakerak.pdf
- https://cdn.shopify.com/s/files/1/0432/1135/8372/files/dapowulokuno.pdf
- https://cdn.shopify.com/s/files/1/0452/2328/0800/files/avon_august_brochure.pdf
- https://cb091db7-92e5-41d5-bb5d-cb88ca3ab0fb.filesusr.com/ugd/bc79a4_89f9f626aa734ea0af6fdc4bd2154b22.pdf?index=true
- https://08f61cc7-3ab7-43b7-8255-5dd5664b345e.filesusr.com/ugd/9c66ff_0f8ea7d38bc544bcbf9f39bc2e48ffac.pdf?index=true
- https://5cbf0b59-f190-4ece-b7bb-9459e179e9a1.filesusr.com/ugd/3f80ec_ed60ace763c24ee99e408912210d1bb0.pdf?index=true
- https://b8132f38-2b5e-4dc5-9bb1-2349016ab7fd.filesusr.com/ugd/1b0481_4575527f3c8e4ae29e7bcb8d243e32b7.pdf?index=true
- https://67ea31cb-ca54-47f5-8d6f-b979a51724a5.filesusr.com/ugd/eda9ba_2aa10421f502495ab38444281b302f36.pdf?index=true
- https://2b32fb14-c1d7-4ea4-8572-05bed0c82952.filesusr.com/ugd/c6ac46_d8a344d187264c169d4e431604ee06bc.pdf?index=true
- https://1987c668-924f-4354-8628-18f0ce61a2f6.filesusr.com/ugd/738632_ae06d2c821844397b4f454ab1f8c87b9.pdf?index=true
- https://f9919296-7798-4661-ba4a-700af80a8a48.filesusr.com/ugd/9ea91e_d7d4354d57074ba0a75e9b7c999d124d.pdf?index=true
- https://af78ddec-312f-4416-a866-d4a39ba5b71c.filesusr.com/ugd/0511f5_1a4b34f710cd412796e3eebadb8e905d.pdf?index=true
- https://976c9e9b-570e-47f9-839d-d0d8766e876a.filesusr.com/ugd/f9d4cd_5b2fba96baac43778eb3352d9ef838eb.pdf?index=true
- https://8f6ec042-c9c5-479a-83a6-3800618381c5.filesusr.com/ugd/b1277d_868ca1608b8145339f8f63903f24f510.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
The six http:// URIs above are XMP/RDF namespace identifiers taken from the document's metadata stream, not clickable link targets; they appear in any PDF that carries XMP metadata and carry no weight in the verdict.
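The two critical heuristics above are simple enough to reproduce. The following is an added example written for this page, not the analyzer's own code: it pulls every /URI link-annotation target out of a PDF (raw objects and inflated FlateDecode streams), checks each host against a redirector list, and applies the link-farm rule (small file, many external .pdf links, most of them on one registrable domain). The sample PDF is constructed inline to mimic the URL list in this report and is not the analysed file; the redirector list, the thresholds and the helper names are assumptions.

```python
import re
import zlib
from collections import Counter
from urllib.parse import urlparse

# Assumption: illustrative redirector list seeded with the host this report flagged.
# A real analyzer would load this from threat-intel data.
REDIRECTOR_HOSTS = {"ttraff.cc"}

# /URI (...) inside a link annotation's action dictionary; tolerates the
# backslash escapes a PDF literal string may contain (\( \) \\).
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)
# Body of FlateDecode streams, so annotations kept in compressed object streams
# are not missed by the raw scan.
FLATE_RE = re.compile(rb"/FlateDecode.*?stream\r?\n(.*?)\r?\nendstream", re.S)


def _unescape(s: bytes) -> str:
    return re.sub(rb"\\([()\\])", rb"\1", s).decode("latin-1")


def extract_link_uris(pdf: bytes) -> list[str]:
    """Every /URI action target, from raw objects and inflated streams, deduplicated in order."""
    blobs = [pdf]
    for m in FLATE_RE.finditer(pdf):
        try:
            blobs.append(zlib.decompress(m.group(1)))
        except zlib.error:
            continue  # damaged or non-zlib stream: a real tool would log it
    seen, uris = set(), []
    for blob in blobs:
        for m in URI_RE.finditer(blob):
            u = _unescape(m.group(1))
            if u not in seen:
                seen.add(u)
                uris.append(u)
    return uris


def registrable_domain(host: str) -> str:
    """Crude eTLD+1 approximation (last two labels). Enough to group the
    per-customer UUID subdomains of a file host such as *.filesusr.com."""
    return ".".join(host.lower().split(".")[-2:])


def analyze(pdf: bytes, min_links: int = 8, dominance: float = 0.5,
            small_file: int = 200_000) -> dict:
    """Apply the redirector and link-farm rules; thresholds are assumptions."""
    uris = extract_link_uris(pdf)
    redirectors = [u for u in uris if urlparse(u).hostname in REDIRECTOR_HOSTS]
    pdf_links = [u for u in uris if urlparse(u).path.lower().endswith(".pdf")]
    domains = Counter(registrable_domain(urlparse(u).hostname or "") for u in pdf_links)
    top_domain, top_count = domains.most_common(1)[0] if domains else ("", 0)
    flags = []
    if redirectors:
        flags.append("PDF_MALICIOUS_REDIRECTOR_LINK")
    if (len(pdf) <= small_file and len(pdf_links) >= min_links
            and top_count / len(pdf_links) >= dominance):
        flags.append("PDF_SEO_LINK_FARM")
    return {"uris": uris, "redirectors": redirectors, "pdf_links": pdf_links,
            "top_domain": top_domain, "top_count": top_count, "flags": flags}


def _annot(uri: str) -> bytes:
    return (b"<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] "
            b"/A << /S /URI /URI (" + uri.encode() + b") >> >>")


def build_sample_pdf() -> bytes:
    """Constructed sample: a minimal PDF skeleton whose link annotations mimic
    the report's URL list. It is not the analysed file and need not render."""
    redirector = "https://ttraff.cc/wb?keyword=neo%20gamers%20cafe"
    shopify = [f"https://cdn.shopify.com/s/files/1/{i:04d}/files/page{i}.pdf" for i in range(3)]
    filesusr = [f"https://{i:08x}-0000-4000-8000-000000000000.filesusr.com/ugd/doc{i}.pdf?index=true"
                for i in range(6)]
    plain = b"\n".join(_annot(u) for u in [redirector] + shopify + filesusr[:2])
    # The remaining annotations sit in a FlateDecode object stream, as a generator would emit them.
    objstm = zlib.compress(b"\n".join(_annot(u) for u in filesusr[2:]))
    # XMP metadata with namespace URIs: these must NOT count as links.
    xmp = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF '
           b'xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
           b'xmlns:dc="http://purl.org/dc/elements/1.1/"/></x:xmpmeta>')
    return (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
            b"2 0 obj\n<< /Type /Page /Annots [" + plain + b"] >>\nendobj\n"
            b"3 0 obj\n<< /Type /ObjStm /Filter /FlateDecode /Length "
            + str(len(objstm)).encode() + b" >>\nstream\n" + objstm + b"\nendstream\nendobj\n"
            b"4 0 obj\n<< /Type /Metadata /Subtype /XML >>\nstream\n" + xmp + b"\nendstream\nendobj\n"
            b"%%EOF\n")


if __name__ == "__main__":
    result = analyze(build_sample_pdf())
    print(result["flags"], result["top_domain"], result["top_count"], len(result["pdf_links"]))
```

Two design points matter in practice. Grouping by bare hostname would miss the clustering in this report, because the eleven filesusr.com links each use a distinct UUID subdomain; grouping by registrable domain (or a proper public-suffix lookup) is what makes the "mostly on one host" rule fire. And the XMP namespace URIs are deliberately not picked up, since they are attribute values in a metadata stream rather than /URI actions. The example only handles FlateDecode and does not parse /ObjStm offsets, other filters such as LZWDecode, or /Launch, /GoToR and JavaScript-driven navigation, all of which a production extractor needs.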
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00004e83.bin | 4000855d5dcc30227d526db51ee2b70e27600285b7a764caf0ccaa30841cebfc | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4E83 | 5136 bytes |
| font_01_sfnt_off00005ff2.bin | 5e9172fd92297e8ca0d597526c1e3b75150764793dc944bf709e77e9c837ae69 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5FF2 | 10528 bytes |