MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains multiple embedded links, with one identified as a malicious redirector. The document body, though heavily obfuscated, contains text that appears to be a lure for a 'camera manual'. The presence of numerous external PDF links, many pointing to benign files, suggests a link farm or SEO poisoning tactic to obscure the malicious redirector. The ML classifier also flagged this PDF as malicious with high confidence.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.com/wix?keyword=fc40+camera+manual
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006ba7.bin (e746fd993439954a075d0748762026f40cbafd6244533d2e77507baaa9e37b04) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6BA7 | 4952 bytes |
| font_01_sfnt_off00007c70.bin (eb4ef4229493f3998ed5b90bd3d89578f13f30a55379ce585d9f2710263d3592) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7C70 | 10784 bytes |