MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link, which is also present in the document body. This link, 'https://ttraff.link/wix?keyword=worksheet+on+converting+fractions+to+decimals+pdf', is designed to redirect users to malicious infrastructure. The PDF also contains a large number of external links, many hosted on 'static.usrfiles.com', which is flagged as a link farm. The ML classifier strongly indicates maliciousness.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/wix?keyword=worksheet+on+converting+fractions+to+decimals+pdf
- https://static.usrfiles.com/ugd/c8d394_09ebbe767987420b9a861a2795882fc7.pdf
- https://static.usrfiles.com/ugd/e49726_e513054f7b9241bc91f3656fa0742527.pdf
- https://static.usrfiles.com/ugd/6260fe_fb088af6bad84f9799a1a13d75ebc44f.pdf
- https://static.usrfiles.com/ugd/17beed_e87c4eac905f4326b84d8f7e9f27fe68.pdf
- https://static.usrfiles.com/ugd/87b9a8_25ff90c812b546b8b5dafa699994ae12.pdf
- https://static.usrfiles.com/ugd/b8c837_e24d915b7adb4a728f09d69b917fe139.pdf
- https://static.usrfiles.com/ugd/b8c837_c112fd4767cd431aad59b708858221f5.pdf
- https://static.usrfiles.com/ugd/8ff694_73d8430728204af2805036752dfaacf3.pdf
- https://static.usrfiles.com/ugd/99b222_da7e048bb42a49c8a00ccf3696638717.pdf
- https://static.usrfiles.com/ugd/3d514e_b4872b425be74e97b233837995ea5580.pdf
- https://static.usrfiles.com/ugd/ee6770_39f33bc7a015489886c8d91642ee96c3.pdf
- https://static.usrfiles.com/ugd/e3834b_fed6a1d71abb417496c39062dc9d8e79.pdf
- https://static.usrfiles.com/ugd/df73ab_522662eabaa449bc9fd36675993f799d.pdf
- https://static.usrfiles.com/ugd/b98abb_2ed4922d933249d58e008b7b515df74a.pdf
- https://static.usrfiles.com/ugd/2f3ac6_7678053ecd4d424b89bff5d53342ac5e.pdf
- https://static.usrfiles.com/ugd/83f04e_c6265df45c864e66bbc3bb7ea284a87c.pdf
- https://static.usrfiles.com/ugd/4f270c_48482ee50a8b4556bff191274938ebf7.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005ee4.bine620677684af3ff6f079b531991d5965d8293e37a93a2872525fcf2274b720f5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5EE4 | 5704 bytes |
font_01_sfnt_off00007242.bineb811bd376b91ced5bdd252a1a441e85b77175922e502dfacc1ab1d48865356c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7242 | 10212 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.