MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains multiple embedded links, with one specifically pointing to a known malicious redirector. The ML classifier also strongly indicated maliciousness. The document body is heavily obfuscated and appears to be generated content, likely a lure to entice users to click the malicious link.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wb?keyword=vocal%20nodul%20adalah%20pdf
- http://files.hippiechickherbalharmony.com/uploads/1/3/0/7/130775352/3429570.pdf
- http://files.oliverandchatfield.com/uploads/1/3/1/4/131453248/xemejipuzuk_kiwexudaxoxap_wepiru_zufezuroderu.pdf
- http://files.ontmoetpalestina.nl/uploads/1/3/2/6/132695470/3958713.pdf
- http://files.clarityautoglass.com/uploads/1/3/1/4/131453894/152156.pdf
- http://files.clarityautoglass.com/uploads/1/3/1/4/131453894/15
- https://cdn.shopify.com/s/files/1/0430/5806/9655/files/51362234570.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/6219719719.pdf
- https://cdn.shopify.com/s/files/1/0434/5249/8070/files/luparemeziset.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/tiwimuz.pdf
- https://tazesetinud.files.wordpress.com/2020/07/dejiloketesiduxoxikewo.pdf
- https://gozadadud.files.wordpress.com/2020/07/59972444813.pdf
- https://bamosuto.files.wordpress.com/2020/06/5775667884.pdf
- https://xajilaxaluv.files.wordpress.com/2020/06/molixitukozeru.pdf
- https://lamezogegora91309051.files.wordpress.com/2020/06/ponuwepowotibu.pdf
- https://cdn.shopify.com/s/files/1/0429/9839/9139/files/24084050198.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/36283751979.pdf
- https://cdn.shopify.com/s/files/1/0432/6840/7464/files/79687397812.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/38935964995.pdf
- https://cdn.shopify.com/s/files/1/0431/4664/1570/files/moxurokuzomisej.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/58657968950.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/xazijejizamoketabuguta.pdf
- https://cdn.shopify.com/s/files/1/0429/9925/1093/files/nukubafufetopufigosaw.pdf
- https://cdn.shopify.com/s/files/1/0431/2216/3876/files/27316000247.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006f69.binf03bde337fc6568305d0b7e05784e965172fb5a0947c85b49682150bf8877dfe |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6F69 | 4568 bytes |
font_01_sfnt_off00007ede.bin5c2f0765b09b2809dce4c61d35b36d839fee7c322107c62a3d57439c11b8099c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7EDE | 9412 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.