MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded links, many of which point to external PDF files hosted on various domains. One critical heuristic firing indicates a direct link to a known malicious redirector infrastructure at 'https://ttraff.cc/pify?keyword=albinismo+en+pediatria+pdf'. This suggests the document is designed to redirect users to malicious content, likely for phishing or malware distribution. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=albinismo+en+pediatria+pdf
- http://files.new2ufashions.net/uploads/1/3/1/6/131636766/xapuwene.pdf
- http://files.jodimarieevents.com/uploads/1/3/2/6/132696210/xevufugonebif.pdf
- http://wofuda.amitie-collection.com/uploads/1/3/0/7/130775795/zadimatuzul-zulakisu-fibofezolalof-fapadoti.pdf
- http://files.seasprayaustralianlabradoodles.com/uploads/1/3/1/8/131871762/somobig.pdf
- https://cdn.shopify.com/s/files/1/0434/5423/4785/files/9783814171.pdf
- https://cdn.shopify.com/s/files/1/0434/3808/0166/files/68882522965.pdf
- https://cdn.shopify.com/s/files/1/0428/1742/1479/files/79719680618.pdf
- https://cdn.shopify.com/s/files/1/0433/2814/3510/files/putonakijagiduxosopurivo.pdf
- https://cdn.shopify.com/s/files/1/0429/3401/0015/files/bizininobebolojos.pdf
- https://cdn.shopify.com/s/files/1/0431/8153/9489/files/35638337578.pdf
- https://cdn.shopify.com/s/files/1/0431/7796/7778/files/53302363028.pdf
- https://cdn.shopify.com/s/files/1/0429/8535/7463/files/zamutujitenemal.pdf
- https://cdn.shopify.com/s/files/1/0437/7496/7965/files/89115474836.pdf
- https://cdn.shopify.com/s/files/1/0435/2134/3647/files/bisewa.pdf
- https://cdn.shopify.com/s/files/1/0434/6196/8025/files/how_to_clear_variables_in_python.pdf
- https://cdn.shopify.com/s/files/1/0438/1147/1520/files/53220713227.pdf
- https://cdn.shopify.com/s/files/1/0435/0056/8736/files/31274687544.pdf
- https://cdn.shopify.com/s/files/1/0437/5583/1445/files/waledo.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000847e.bin172bedc6f83641309f0c09ce7d5aac82767801680380e7dbe83dedaea6149906 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x847E | 5316 bytes |
font_01_sfnt_off00009665.bin905f23542be6dfacd33005159156d90b1367012ea70bdac2474c1b381de40faf |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9665 | 15496 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.