Verdict: MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1059.001 Command and Scripting Interpreter: PowerShell
The PDF contains a link to a known malicious redirector, ttraff.club, which is designed to lead users to malicious content. The document body, though heavily obfuscated, contains the target URL and appears to be a lure related to a synonym search. The presence of numerous other links to external PDF files, many hosted on CDN platforms, suggests a link farm or SEO poisoning tactic to distribute the malicious PDF.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs:
- https://ttraff.club/pify?keyword=synonym+for+self+satisfied
- http://files.bhawanimaa.org/uploads/1/3/0/7/130739648/632af4fa.pdf
- http://puxaz.regenerateyourauthenticnature.com/uploads/1/3/0/8/130814397/88da22143.pdf
- http://dijeti.schihei.eu/uploads/1/3/1/3/131379605/b5e9cd491865.pdf
- http://files.cghcollectibles.com/uploads/1/3/1/4/131438329/2207687.pdf
- http://fupawat.belantine.com.au/uploads/1/3/1/8/131857363/468eab66e4e368b.pdf
- http://files.net.fruklas.com/uploads/1/3/0/7/130739457/481308.pdf
- http://raluwo.artscapelebanon.org/uploads/1/3/2/6/132695351/lafawepixid_fesusolem_sukujesowiw_sawow.pdf
- https://uploads.strikinglycdn.com/files/a8a530ec-99c3-46d9-aef5-374cc876691d/vatijuzabiv.pdf
- https://uploads.strikinglycdn.com/files/daff9951-8771-4b68-840f-a45db22b7f30/wiwajijenikuwes.pdf
- https://uploads.strikinglycdn.com/files/4a60c3c3-3078-4199-a0a7-1d3d867b24f5/gajunevobijuv.pdf
- https://uploads.strikinglycdn.com/files/43aea424-b9cf-4266-824d-4510d2baf2fb/rujul.pdf
- https://cdn.shopify.com/s/files/1/0483/8673/6286/files/pixewobavupix.pdf
- https://cdn.shopify.com/s/files/1/0429/9236/9823/files/peshawar_nights.pdf
- https://cdn.shopify.com/s/files/1/0497/8468/4706/files/long_beach_street_sweeping_schedule_map.pdf
- https://cdn.shopify.com/s/files/1/0437/2011/4344/files/fly_gps_apk_new_version_download.pdf
- https://cdn.shopify.com/s/files/1/0482/6762/4603/files/xobigabivadimukowafosa.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00006a6f.bin | 25e0dd0002864754915ee3d13bf5178f42ce5cb1f997e3aceb6a66d8f4698528 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6A6F | 5048 bytes |
| font_01_sfnt_off00007b72.bin | 5c28ebcca7d831a47df31f275fd907d6c489c3fcbf0e04e967cb3a79451018de | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7B72 | 10324 bytes |
| font_02_sfnt_off00009eca.bin | cd94ef65598b1866d0653cdd88243d989fd81359c0e770c2d3a4858f1c2f6d34 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9ECA | 4324 bytes |