Verdict: MALICIOUS
Risk Score: 150

Malware Insights

MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1204.002 Malicious Link
The PDF contains a critical heuristic firing for a malicious redirector link, specifically `https://ttraff.link/wix?keyword=rough+guide+to+portugal+algarve`. Additionally, it exhibits characteristics of a PDF link farm, with numerous external links, including `http://wegesi.sharpeningonsite.com/uploads/1/3/0/7/130776334/senodufezo_revalu.pdf`, designed to obscure the ultimate malicious destination. The ML classifier also strongly flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Extracted URLs:
- https://ttraff.link/wix?keyword=rough+guide+to+portugal+algarve
- http://wegesi.sharpeningonsite.com/uploads/1/3/0/7/130776334/senodufezo_revalu.pdf
- http://zilezoze.investwithsmdc.com/uploads/1/3/2/8/132814956/zutuzifixi.pdf
- http://files.sarahplatenius.com/uploads/1/3/1/4/131438443/ropapulow.pdf
- https://cdn.shopify.com/s/files/1/0428/2381/1239/files/fapafubilofogebaxi.pdf
- https://cdn.shopify.com/s/files/1/0428/6342/7751/files/ccna_free_download_todd_lammle.pdf
- https://cdn.shopify.com/s/files/1/0432/7089/7824/files/lovemodamujinibosij.pdf
- https://cdn.shopify.com/s/files/1/0432/6762/1028/files/92810221960.pdf
- https://cdn.shopify.com/s/files/1/0427/4028/5607/files/tulomowubonijina.pdf
- https://46ad6f4c-87ef-44e1-9dab-5d21c79df0ee.filesusr.com/ugd/440e29_997d27af21984969b60be309508a3bf5.pdf?index=true
- https://6354af5d-3f82-47ff-8457-662f1616d3d1.filesusr.com/ugd/e643da_552f29e52a2b4c07bddd646d0dfe80e2.pdf?index=true
- https://d29ac49a-1e2e-413a-8184-e8e59389e713.filesusr.com/ugd/277b62_0bc71895b7d34b22b9dee640af4f385c.pdf?index=true
- https://cdn.shopify.com/s/files/1/0431/9127/1586/files/vuxejawo.pdf
- https://cdn.shopify.com/s/files/1/0432/3360/7842/files/arqiva_group_parent_limited_annual_report.pdf
- https://cdn.shopify.com/s/files/1/0440/2990/2998/files/chennai_gana_album_song_video.pdf
- https://cdn.shopify.com/s/files/1/0428/7057/1174/files/dekezezuvomujojefaxamofi.pdf
- https://cdn.shopify.com/s/files/1/0437/6051/7269/files/mesotelioma_pleural.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000a627.bin | 68d3230f86a56de4cc1623a4425aa1ce42cfa861af3289788a746e7ac6733fc0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA627 | 5112 bytes |
| font_01_sfnt_off0000b78f.bin | f667729ba5c6904a97769edf573919391658da354693c2522b00f4dc2711b2ae | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB78F | 10160 bytes |