MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.002 Malicious Link
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.com/wb?keyword=front%20desk%20interview%20questions%20pdf'. This indicates a social engineering attempt to trick the user into visiting a potentially harmful site. The document body, though heavily obfuscated, also contains this URL and other Shopify links, suggesting a link farm or redirection strategy. No scripts were extracted, limiting the analysis of direct payload execution.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wb?keyword=front%20desk%20interview%20questions%20pdf
- http://files.bouncyparadeboxers.com/uploads/1/3/1/3/131398125/nirefuvemi_welabowed_nuwozi_tajigod.pdf
- http://files.innovativestoneconcepts.com/uploads/1/3/1/6/131607544/e621a0a7.pdf
- http://files.tuftonborocentralschool.com/uploads/1/3/1/3/131378953/0a8654418be.pdf
- http://files.thetaitungteacher.com/uploads/1/3/1/3/131382148/xusujutegojeda.pdf
- https://cdn.shopify.com/s/files/1/0431/1502/0448/files/60270919261.pdf
- https://cdn.shopify.com/s/files/1/0440/3727/5813/files/55523592454.pdf
- https://cdn.shopify.com/s/files/1/0450/8326/3141/files/capital_market_download.pdf
- https://cdn.shopify.com/s/files/1/0437/0500/8293/files/food_and_beverage_cost_control_6th_edition.pdf
- https://cdn.shopify.com/s/files/1/0439/7580/3038/files/awaken_the_giant_within_indonesia.pdf
- https://cdn.shopify.com/s/files/1/0429/8339/1395/files/88666977268.pdf
- https://cdn.shopify.com/s/files/1/0429/6104/3605/files/tawasaxuj.pdf
- https://cdn.shopify.com/s/files/1/0428/2816/9375/files/49521035699.pdf
- https://cdn.shopify.com/s/files/1/0437/2103/1832/files/oathbound_paladin_build.pdf
- https://cdn.shopify.com/s/files/1/0443/3536/6300/files/material_characterization_techniques_nptel.pdf
- https://cdn.shopify.com/s/files/1/0434/7104/4774/files/frightful_s_mountain_chapter_7.pdf
- https://cdn.shopify.com/s/files/1/0436/1093/1358/files/fumagagoxumevibufi.pdf
- https://cdn.shopify.com/s/files/1/0436/2282/6142/files/87762144811.pdf
- https://cdn.shopify.com/s/files/1/0431/2917/6232/files/bexisutebajuzopajateraxok.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006ade.bind96dec82c4ab1883bb9de1bc0f9f78d25a6433a72bd71c50f790603962333edc |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6ADE | 5088 bytes |
font_01_sfnt_off00007c5b.bin025f864d184f961d0b54b792ce583cc989b6a28339688ed31b202cf4aa7ba3f0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7C5B | 9904 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.