MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded links, many of which point to a link farm hosted on Shopify. The primary malicious link, https://ttraff.com/pify?keyword=bukhari+hadith+pdf+in+urdu, is identified as a malicious redirector. This suggests the document's purpose is to redirect the user to malicious infrastructure, likely for further exploitation or phishing. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=bukhari+hadith+pdf+in+urdu
- http://files.helveticliving.com/uploads/1/3/1/3/131383580/3737653.pdf
- http://fabivoz.drkeatonspeaceplan.com/uploads/1/3/0/8/130813612/4449725.pdf
- http://files.cattailconstructionllc.com/uploads/1/3/0/7/130776826/pawaxupadobeg-xewisujusirin-fixezenitabavo-luxekixat.pdf
- http://files.fortyhours.com/uploads/1/3/2/8/132816041/63b84266.pdf
- http://files.laspiritualarts.com/uploads/1/3/0/8/130813988/posenesapozosikin.pdf
- https://cdn.shopify.com/s/files/1/0428/4933/7507/files/44028812792.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/jedajuzosefowi.pdf
- https://cdn.shopify.com/s/files/1/0445/8790/9284/files/luzovodo.pdf
- https://cdn.shopify.com/s/files/1/0437/7152/7325/files/81945000588.pdf
- https://cdn.shopify.com/s/files/1/0428/5821/7631/files/zaponajuzonite.pdf
- https://cdn.shopify.com/s/files/1/0432/9209/8716/files/loxosonewuvubaze.pdf
- https://cdn.shopify.com/s/files/1/0430/0288/8351/files/south_brunswick_high_school_calendar.pdf
- https://cdn.shopify.com/s/files/1/0427/7967/2735/files/72427538254.pdf
- https://cdn.shopify.com/s/files/1/0434/7530/4612/files/27573614758.pdf
- https://cdn.shopify.com/s/files/1/0437/7369/0017/files/xufemoralipepojoz.pdf
- https://cdn.shopify.com/s/files/1/0435/4647/6708/files/beyonce_killing_me_softly.pdf
- https://cdn.shopify.com/s/files/1/0434/6278/7237/files/51765070704.pdf
- https://cdn.shopify.com/s/files/1/0436/4982/6969/files/39646092634.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000b4e4.bina7de680ba27ff4389feb8af67df03d984ef978af086e54fe1068076be208f56e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB4E4 | 5032 bytes |
font_01_sfnt_off0000c603.bin0fe31942183a7879dd6eb2a5f856e088bf189ea48e977af2199af0eedfcf7b9b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC603 | 10120 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.