MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a large number of embedded links, many pointing to a link farm hosted on Shopify, which is a strong indicator of SEO poisoning or link manipulation for malicious purposes. The primary malicious URL identified is a redirector, suggesting it's part of a chain to deliver a payload or conduct phishing. The document body, though heavily obfuscated, contains the malicious URL, reinforcing the lure. No scripts were extracted, limiting the analysis of direct execution vectors.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.cc/wb?keyword=abraham%20maslow%20teori%20humanistik%20pdf
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000868b.bin c28d4fbb50f3600b9e3fb02437cb02cfc6304146ed6c66d053beedaa829d48d8 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x868B | 3360 bytes |
| font_01_sfnt_off0000928b.bin 63302dbcbd80ddda49ac741ae7d3e77c92841ed4b322673b82487c911bee393b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x928B | 5568 bytes |
| font_02_sfnt_off0000a55a.bin 8b1b54ee9455f83e0a72ff0d211f314b1a1389904a74f09b2cf3bc2f3f1ab930 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA55A | 15064 bytes |