Risk Score: 150 (MALICIOUS)

Malware Insights

MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1059.001 PowerShell
The PDF contains a malicious redirector link disguised as a search result for a popular children's show. This link, 'https://ttraff.cc/pify?keyword=chhota+bheem+and+krishna+in+tamil', is designed to lead users to potentially harmful content. The PDF also exhibits characteristics of a link farm, embedding numerous other PDF links, many of which point to unknown or potentially malicious domains. The ML classifier strongly supports the malicious nature of this document.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.cc/pify?keyword=chhota+bheem+and+krishna+in+tamil
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename (hash) | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000465e.bin (2d558d5c41b6aedbefe03afc6d6ae55a5c1f82c6954fafed966a7d41f26dd31e) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x465E | 5176 bytes |
| font_01_sfnt_off000057c9.bin (0515895aab2585de555e493276a4dcbdce87fd036c88ef02c8b362f96c28bee9) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x57C9 | 9784 bytes |
| font_02_sfnt_off00007983.bin (2e1dcfa215ff7068e156f9bca6f25e666cb310e753e20272ef9c89573ef626fa) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7983 | 16380 bytes |