Verdict: MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
This PDF file was flagged as malicious by an ML classifier and contains a critical heuristic indicating it links to known malicious redirector infrastructure. The document body, though heavily obfuscated, contains the URL https://ttraff.link/wix?keyword=historico+da+web+como+verificar+o, which is likely intended to redirect the user to a malicious site. The file also contains a large number of embedded PDF links, suggesting a link farm or redirection strategy.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted URLs:
- https://ttraff.link/wix?keyword=historico+da+web+como+verificar+o
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000606d.bin | 3765dd19bf5bf25eba8ae8ebc58465473896079ea0c073f1df5304e0f7936a86 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x606D | 5388 bytes |
| font_01_sfnt_off000072c2.bin | 5c928004e689726bcd20fd8d11185f18af2174d6193a6ec64741892e16df1592 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x72C2 | 12276 bytes |