MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a heuristic firing for a malicious redirector link, specifically pointing to 'https://ttraff.club/wix?keyword=health+and+wellness+study+guide+answers'. This URL is presented within the document body, disguised as a study guide answer key, to entice users to click. The PDF also exhibits characteristics of a link farm, with numerous embedded URLs, many pointing to Shopify domains, likely to obscure the malicious destination. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=health+and+wellness+study+guide+answers
- https://cdn.shopify.com/s/files/1/0463/2366/3008/files/92297605034.pdf
- https://cdn.shopify.com/s/files/1/0432/9557/2126/files/linux_administration_course_syllabus.pdf
- https://cdn.shopify.com/s/files/1/0441/0490/8952/files/robugotenuwupokakuz.pdf
- https://cdn.shopify.com/s/files/1/0437/6510/4791/files/74443350320.pdf
- https://static.usrfiles.com/ugd/b8c837_4f430eee9e9b442993b1fc04c3d562ac.pdf
- https://static.usrfiles.com/ugd/ca9b0a_af5f69708a56429586d2176149b8f5c9.pdf
- https://static.usrfiles.com/ugd/2ac701_c3351e21ff9043da9b3a2cafeea6fe05.pdf
- https://static.usrfiles.com/ugd/b8c837_113ebf78a3324752a355d55de411a222.pdf
- https://cdn.shopify.com/s/files/1/0429/3738/5123/files/fisakupudelawisat.pdf
- https://cdn.shopify.com/s/files/1/0438/4056/9501/files/haricots_de_rein_dharicots_noirs.pdf
- https://cdn.shopify.com/s/files/1/0431/2553/8980/files/5402042198.pdf
- https://cdn.shopify.com/s/files/1/0430/6901/4165/files/dasipagu.pdf
- https://cdn.shopify.com/s/files/1/0433/0582/8520/files/fobuzosunodat.pdf
- https://cdn.shopify.com/s/files/1/0440/2062/9654/files/comelec_barangay_election_campaign_guidelines_2018.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/fusuzirosaf.pdf
- https://cdn.shopify.com/s/files/1/0431/8176/8872/files/bedajumixu.pdf
- https://cdn.shopify.com/s/files/1/0430/4466/7553/files/gsm_and_cdma_technology.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000061a2.binad43fe6dd8d90ff07f06c877549830ae4af09852bcd00be28f51212f6dc3f9bf |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x61A2 | 5012 bytes |
font_01_sfnt_off000072a8.bin21aba2035f9b8181f56a1c3aac21fb56daae6360d82af5ecd880a9c78b7ca189 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x72A8 | 9864 bytes |
font_02_sfnt_off0000945e.bin9f355172d696dda274cac500966718f112ce76951f19577ac4888987ea6471b2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x945E | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.