MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a high number of embedded links, many of which point to a redirector infrastructure. The primary malicious URL, https://ttraff.me/wix?keyword=manual+biblico+nelson+pdf, is flagged as a malicious redirector. The document body, though heavily obfuscated, contains references to 'manual biblico nelson pdf', suggesting a lure to trick users into clicking the malicious link. The ML classifier also strongly indicated maliciousness.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=manual+biblico+nelson+pdf
- https://d876da34-3474-41ac-9ab0-54692d7a75e8.filesusr.com/ugd/1cc777_59d92147fe064190b27347377260ec1e.pdf?index=true
- https://33ee9540-75a1-4015-b872-5600e76011a9.filesusr.com/ugd/e948c1_6478a49573dc47ae9fc6883ac43b2425.pdf?index=true
- https://be433c13-7206-4df6-add3-480a90f64d28.filesusr.com/ugd/954c8b_ddc21bf5ad524e82a21e3b2926ab00ae.pdf?index=true
- https://568bed54-2f66-46ca-8596-697ffe899268.filesusr.com/ugd/45fd81_3efe927cffea4e818a4313f8ee9d292e.pdf?index=true
- https://7e954b61-bd7c-4417-a1e8-a242c18b84ac.filesusr.com/ugd/bba345_68be99421f104651828b5b96de6909e1.pdf?index=true
- https://061ef07f-4b98-4765-83c1-628e5dddf232.filesusr.com/ugd/31bf02_a747fb899e7348659ae61b4a6bcbe9ac.pdf?index=true
- https://26c3ff27-b61b-48c5-afd7-9380d48e11d9.filesusr.com/ugd/7d21c0_687b59c2f89d4cd7b3868edea0907f4a.pdf?index=true
- https://9d39d653-950c-46de-ab99-dd3fced6becd.filesusr.com/ugd/8a4248_5b72d37c3c78416986aeca0f50817c8b.pdf?index=true
- https://d6283f88-600a-4e63-aac1-0026e622b5de.filesusr.com/ugd/78daac_e81379974e934600ad216620e3f4496c.pdf?index=true
- https://23b2e6e4-15e5-4621-87f6-fec9187124f9.filesusr.com/ugd/0010c8_35729d21d1bd414aa52ce98d2e8535ee.pdf?index=true
- https://46647d56-b2c6-415c-907e-cd01b80dc042.filesusr.com/ugd/f80014_68b861bed6e64ed4a601ad515f87f712.pdf?index=true
- https://912750f1-21a0-4ca6-951d-634584cee96e.filesusr.com/ugd/6a7407_05d9f2ec63fc476fae3b2c52c0cfc71f.pdf?index=true
- https://33d9f045-dfe9-44d5-8cdd-dbcc6f090075.filesusr.com/ugd/f6336d_0a7a4b263de14c8c8f916110833e02cc.pdf?index=true
- https://98c8f798-d4d5-4ed6-a4f4-040ee5bad0e8.filesusr.com/ugd/9117e0_458718c3079b4d9abb9216dcf6ef3986.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000541b.bin381254a335bdcbec9c9c6c8bb434cc72d14c918babd97840ca122dc437672bfc |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x541B | 5200 bytes |
font_01_sfnt_off000065e7.bind76f9715c129c3b7cbae8f11cee79ef79853a982ad025be00aecc86f2d439fe9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x65E7 | 10528 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.