MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was flagged by multiple critical heuristics for containing malicious redirector links and a link farm. The ML classifier also strongly indicated maliciousness. The embedded links, particularly the one to 'ttraff.cc', suggest a redirection chain designed to lead the user to a malicious site, likely for phishing or malware delivery. The presence of numerous Shopify links, while some are benign, contributes to the link farm characteristic.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=matura+podstawowa+angielski+s%25C5%2582ownictwo+pdf
- http://files.jsmaxwell.com/uploads/1/3/1/1/131163590/1627488.pdf
- http://rumuziw.debattierclub-muenchen.de/uploads/1/3/1/4/131453284/vigeraze-bebobavulu-bibowufok.pdf
- http://files.kirajewellerickson.com/uploads/1/3/1/3/131381602/zujiwan.pdf
- https://cdn.shopify.com/s/files/1/0432/8525/0216/files/century_21_accounting_book.pdf
- https://cdn.shopify.com/s/files/1/0430/6858/8194/files/xokunepiladi.pdf
- https://cdn.shopify.com/s/files/1/0435/0381/2773/files/3055252399.pdf
- https://cdn.shopify.com/s/files/1/0433/9692/3555/files/busser_job_description.pdf
- https://cdn.shopify.com/s/files/1/0428/8158/1209/files/gipamuwokudanixofapufipo.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/wemulaw.pdf
- https://cdn.shopify.com/s/files/1/0432/0549/2904/files/buzedafasufiwagadudepupes.pdf
- https://cdn.shopify.com/s/files/1/0433/1329/9620/files/guravawogopudided.pdf
- https://cdn.shopify.com/s/files/1/0431/4556/0219/files/28086805419.pdf
- https://cdn.shopify.com/s/files/1/0430/6511/4775/files/1607459743.pdf
- https://cdn.shopify.com/s/files/1/0434/0360/8216/files/68408334523.pdf
- https://cdn.shopify.com/s/files/1/0431/1423/4017/files/sanofugo.pdf
- https://cdn.shopify.com/s/files/1/0429/2096/8351/files/4856951730.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000654b.bin2e36c3f45bb624b05fdfe6ec1f45c2cea1f0119c2683a8b867e4a1afeddfe34b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x654B | 5420 bytes |
font_01_sfnt_off000077df.bin51ebeec29509b87aa858d500e37ac8853184703d07d1f913ce36d8e1dc7764c0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x77DF | 1800 bytes |
font_02_sfnt_off0000806d.bin629102babea50e86bed69f6b1a25a9d0c1bccfc642eecb44633c5043f2685c1e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x806D | 11396 bytes |
font_03_sfnt_off0000a4a4.bin05d2457133b820fa77aa358e30e9acfbad3f04c46ced9a37296d9311117db176 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA4A4 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.