MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was flagged by multiple critical heuristics for containing malicious redirector links and a large link farm. The embedded links, such as the one pointing to 'ttraff.ru', are likely part of a phishing or malware distribution scheme. The ML classifier also strongly indicated maliciousness. No scripts were extracted, but the sheer volume of outbound links suggests a broad attempt at user compromise.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=android+studio+change+name+of+project
- https://static.usrfiles.com/ugd/b8c837_0430c70f4fc94b58b4a252bb469f3863.pdf
- https://static.usrfiles.com/ugd/78c764_1e2f0331468d4ea0aafc7565dfd3e20f.pdf
- https://static.usrfiles.com/ugd/71fd01_a611a81d94314f78b5caa78bd24aa203.pdf
- https://static.usrfiles.com/ugd/22bf55_9fc066a3345848ca9a4a011816789c2e.pdf
- https://cdn.shopify.com/s/files/1/0432/2492/4319/files/30310260703.pdf
- https://cdn.shopify.com/s/files/1/0437/7044/5975/files/54042484246.pdf
- https://cdn.shopify.com/s/files/1/0433/6880/8613/files/75544995360.pdf
- https://cdn.shopify.com/s/files/1/0436/9216/3227/files/51101726508.pdf
- https://cdn.shopify.com/s/files/1/0440/9150/6840/files/susixovobovuwexezik.pdf
- https://static.usrfiles.com/ugd/c83fdb_130373a4e7c04f37a7f6fbc6818299fe.pdf
- https://static.usrfiles.com/ugd/d3758e_d7dda17e931849b29b9352587c5a7936.pdf
- https://static.usrfiles.com/ugd/b8c837_be15e82486eb4077ada1821a06a4844a.pdf
- https://static.usrfiles.com/ugd/86319b_a79b0f5185c84a5daf568294b97fb75d.pdf
- https://static.usrfiles.com/ugd/764aaa_e66dbe608b3d45258a24f7d8a64b138c.pdf
- https://cdn.shopify.com/s/files/1/0432/2174/5823/files/zevirefe.pdf
- https://cdn.shopify.com/s/files/1/0427/8085/2383/files/demakizasimedemo.pdf
- https://cdn.shopify.com/s/files/1/0437/8004/6997/files/japan_tour_guide_free.pdf
- https://cdn.shopify.com/s/files/1/0431/7836/0987/files/76715251843.pdf
- https://cdn.shopify.com/s/files/1/0462/3902/3253/files/puxofekurivivijixedatis.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007f4b.bin28d4502befe4ad10ddb06a7afee4c0ff5f799733d70bd2e3e87109c897e8ed0f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7F4B | 5600 bytes |
font_01_sfnt_off00009239.bin6a03eb8eb26b6abdc789f17e31025ca305672d675c42ee9953e6c13440c688fc |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9239 | 10876 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.