MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a mass external link farm, with one prominent link directing to a known malicious redirector. The document body, though heavily obfuscated, contains the URL 'https://ttraff.cc/pify?keyword=cartoonito+italia+tv+guide', suggesting a lure to a fake TV guide. The ML classifier strongly flagged this PDF as malicious, and the presence of numerous PDF links points to a content-spinning or SEO-based distribution tactic.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.cc/pify?keyword=cartoonito+italia+tv+guide
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000071f8.bin f5679d5392a0d5ebcf15a43bf47922f1b22f5d8b417c5f605904b7887f5242e4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x71F8 | 4780 bytes |
| font_01_sfnt_off0000824b.bin 1dd8592465d54ae699046b3c752cfa7acc560ef516cb3542886bf01270613796 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x824B | 10360 bytes |