MALICIOUS
92
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a critical heuristic firing indicating a malicious redirector link to 'https://ttraff.cc/wb?keyword=confucianism%205%20key%20relationships'. The ML classifier also flagged this PDF with a high probability of maliciousness. The document body, though heavily obfuscated, contains the same malicious URL, suggesting the primary intent is to lure the user to this external resource.
Machine Learning
- Nyx PDF Classifier malicious score 0.9990
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wb?keyword=confucianism%205%20key%20relationships
- https://cdn.shopify.com/s/files/1/0432/8567/6192/files/dutusavujuwase.pdf
- https://cdn.shopify.com/s/files/1/0428/1987/9068/files/ratefazumo.pdf
- https://cdn.shopify.com/s/files/1/0437/0071/5674/files/gejokitaxug.pdf
- https://cdn.shopify.com/s/files/1/0434/7514/0761/files/identity_theft_report_uk.pdf
- https://cdn.shopify.com/s/files/1/0440/6214/6710/files/kolefox.pdf
- https://215e31a2-ea57-4605-a5c1-4fb2295f16b4.filesusr.com/ugd/70e7d4_5de5e62e15374493837b4a76b0b6efe2.pdf?index=true
- https://ab560fa0-706f-45d4-8cb6-d4602ec9aba1.filesusr.com/ugd/e4ff69_17ed64faa3874ac59189b5bbfc2f3e14.pdf?index=true
- https://3a28d287-3ef8-4ec1-b820-e9f075e31f4e.filesusr.com/ugd/ce4b7c_932a46b12f4e414ba9158371061d4708.pdf?index=true
- https://104a5bc9-7986-455e-860d-7c8e0b3b4b62.filesusr.com/ugd/a4c1fa_d29b13ecda074e5bbb761a06930ef4a3.pdf?index=true
- https://8913e728-1da7-4dd1-a507-254395a64010.filesusr.com/ugd/111c46_2f0f37ba75db4f9187f742ab963f8854.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00017662.bin8c0b696b911d1f954d53c0e76705a6be17f6f05b6472834eafb9b7c1ad6ee0f3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x17662 | 63612 bytes |
font_01_sfnt_off00023506.binad60b0a75674e40c19fbce5b488ee12b34a11ab42f1492b46c33dbd65fbea048 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x23506 | 5448 bytes |
font_02_sfnt_off00024772.bin7669b2132d6c9fdbf0289b5db104b49c021c58bd8df48160c6db371c7a9d14dd |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x24772 | 13092 bytes |
font_03_sfnt_off0002707e.bin82e1514807a37c3b587bb73fb8d9d7215a0a298cfcfaabb96b31a138e2434297 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x2707E | 16168 bytes |
font_04_sfnt_off00028589.binb50a2106bf82917db0cd3cf88f63c5e8cc3298b343ace5cffc591b35df33d24c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x28589 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.