MALICIOUS
94
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a link to a known malicious redirector, identified by the PDF_MALICIOUS_REDIRECTOR_LINK heuristic. The ML classifier also strongly flagged this PDF as malicious. The embedded URL, https://ttraff.cc/123?keyword=ge+refrigerator+at+best+buy, is the primary indicator of malicious intent, likely serving as a lure to a phishing or malware distribution site.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/123?keyword=ge+refrigerator+at+best+buy In PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://cdn.shopify.com/s/files/1/0266/7882/1043/files/yowhatsapp_v_7.99_apk.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0498/7679/5548/files/cloner_badge_vigik_android.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0493/0325/7247/files/xikedamulinile.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/830fe6aa-ed9f-444d-ad23-154c19bcecbb/gezebotaranisakawo.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0506/5287/2894/files/35205516086.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0481/9632/1432/files/wojatajodijatuxanutijefib.pdfIn PDF document text
- https://s3.amazonaws.com/sugaguxagu/vomopudemewaku.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/e43deb38-a6fa-4598-a521-2213dd88305a/jusiboliz.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/889dda27-137f-48e5-a33b-3744f5035bcb/50_shades_darker_download.pdfIn PDF document text
- https://cdn.shopify.com/s/files/1/0502/3930/7949/files/atto_notorio_inps.pdfIn PDF document text
- https://s3.amazonaws.com/vinivuxo/arcgis_spatial_analyst_tutorial.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/e2245bf5-3419-49c1-ab5a-f57657cbb506/avakin_life_hack_no_download.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/8bfd0b82-20b3-47e9-81e9-44ca4e9ae1a9/24735778174.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005512.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5512 | 5176 bytes |
SHA-256: 6302f0fe0f3f79ed1d4aac6909d70d0b80f968f0bd2e5a97e60f26536c7642cb |
|||
font_01_sfnt_off000066ca.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x66CA | 11052 bytes |
SHA-256: 28334a1838d7f9557bf45956eabf8bbb6d4d7f5f6dc63f1db06375638d9f5800 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.