MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was flagged by multiple critical heuristics for containing malicious redirector links and a large link farm. The embedded URL 'https://ttraff.cc/wix?keyword=corki+pro+guides' is identified as a malicious redirector. The document body, though heavily obfuscated, contains this URL and numerous other links, suggesting a coordinated effort to distribute malicious content through a link farm hosted on static.usrfiles.com.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=corki+pro+guides
- https://static.usrfiles.com/ugd/e2b09b_c024b26d97ec474cb5c0e66146fb2656.pdf
- https://static.usrfiles.com/ugd/b8c837_b089d3b1d70b428681402cc08f38a9eb.pdf
- https://static.usrfiles.com/ugd/cec570_7666b35c618645d2906e3c3b699e5378.pdf
- https://static.usrfiles.com/ugd/a2ebd8_ee3d19cef4c047e1aee6f5f46a8f3b91.pdf
- https://static.usrfiles.com/ugd/5af86b_ccec2a747542413a85d2557e4259706f.pdf
- https://cdn.shopify.com/s/files/1/0431/0204/4316/files/tizudirivorepoge.pdf
- https://cdn.shopify.com/s/files/1/0434/2562/8327/files/mepinurepikaxutibuber.pdf
- https://cdn.shopify.com/s/files/1/0431/0351/8882/files/ncert_class_12_accountancy_book.pdf
- https://static.usrfiles.com/ugd/b8c837_06be2f7c8e9b444bb602d682ebe931fd.pdf
- https://static.usrfiles.com/ugd/b8c837_e5460d84ee1b4fa09950844ad0022ed0.pdf
- https://static.usrfiles.com/ugd/b8c837_f7611be48a7a4df19e2892168bd938e0.pdf
- https://static.usrfiles.com/ugd/b8c837_93ba3da61f764956aa760ba5357b868c.pdf
- https://static.usrfiles.com/ugd/b8c837_941cfe1c305d4361adf7e608a1b67ffc.pdf
- https://cdn.shopify.com/s/files/1/0440/5726/4280/files/gebonopepasezow.pdf
- https://cdn.shopify.com/s/files/1/0444/3914/2566/files/abscesso_renal_tratamento.pdf
- https://cdn.shopify.com/s/files/1/0433/2758/6472/files/vapedugorelorowudo.pdf
- https://cdn.shopify.com/s/files/1/0430/8379/2533/files/43338680286.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00004ba3.binda23a5ad14794c6306b9c72aa6e58ec0011fe8b413d407d591bc6beae97c73dd |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x4BA3 | 4852 bytes |
font_01_sfnt_off00005c39.binbecc440d7d2836a8baa23fb66b3f01b686339bf5e2c9f4660503abbfbd078dd7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5C39 | 12956 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.