MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF was flagged by multiple critical heuristics for containing malicious redirector links and a large number of external PDF links, indicating a link farm. The primary malicious URL identified is `https://ttraff.ru/pify?keyword=bayesian+classifier+pdf`, which is likely used to redirect users to a malicious destination. The document body contains obfuscated text and embedded URLs, further supporting the malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=bayesian+classifier+pdf
- http://files.rebeccathompson.ca/uploads/1/3/2/8/132814476/dopifowetazusumum.pdf
- http://fupik.lifeworksgym.net/uploads/1/3/0/7/130739892/magafelujig.pdf
- http://files.silkysbrooklyn.com/uploads/1/3/1/8/131871633/xepegof_jugekedovelosej.pdf
- https://cdn.shopify.com/s/files/1/0433/5806/0703/files/scott_foresman_science_grade_1.pdf
- https://cdn.shopify.com/s/files/1/0434/5603/7017/files/tirurefixomuzawevin.pdf
- https://cdn.shopify.com/s/files/1/0440/0673/6037/files/86791672982.pdf
- https://cdn.shopify.com/s/files/1/0431/6980/8548/files/jejaxusumagozuzumin.pdf
- https://cdn.shopify.com/s/files/1/0434/1805/8901/files/naketa.pdf
- https://cdn.shopify.com/s/files/1/0451/0954/3077/files/budget_making_process.pdf
- https://cdn.shopify.com/s/files/1/0435/2750/4024/files/10541007144.pdf
- https://cdn.shopify.com/s/files/1/0430/4447/0933/files/88222877644.pdf
- https://cdn.shopify.com/s/files/1/0445/8987/5364/files/90875677097.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/zijilo.pdf
- https://cdn.shopify.com/s/files/1/0429/0733/6857/files/50365568547.pdf
- https://cdn.shopify.com/s/files/1/0428/2381/1239/files/mogobigovududobutokuguza.pdf
- https://cdn.shopify.com/s/files/1/0433/6363/1272/files/mivoralepolegubud.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000079dd.binf7085ee332bc58454d6596255c733c973904023154c1800dfbe6aeb87f12ae5d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x79DD | 4896 bytes |
font_01_sfnt_off00008a8a.bin081d6d3ecbef0f887a09137cd1502d639f945ef321bc346bf672ea72fd05234e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8A8A | 14416 bytes |
font_02_sfnt_off0000b7ce.bin5617ec9627a8ab3ec6258a90d9208e20427de2a6b8b5195bb6b34d6d8d69fe18 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB7CE | 16076 bytes |
font_03_sfnt_off0000cc7c.bin4fcfa7c68d76e23b667942a3ac892d2d5d88346478daafc61479ad4df4af3dd3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xCC7C | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.