MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
This PDF document contains numerous links, a common tactic for SEO poisoning or redirecting users to malicious sites. The primary link, 'https://ttraff.com/wix?keyword=analisis+tecnico+de+los+mercados+financieros+pdf+completo', is flagged as a malicious redirector. The document body, though heavily corrupted, contains metadata indicating it was generated by wkhtmltopdf, suggesting it might be part of a larger automated campaign.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.com/wix?keyword=analisis+tecnico+de+los+mercados+financieros+pdf+completo
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006a28.bin e9c0d4021455c20497f3b512750a60150b50225acd767b00fd5c4947aa7ea2cf | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6A28 | 5288 bytes |
| font_01_sfnt_off00007c0f.bin 55a29a5cb887c80e5c67eaecd47614e041b09109e8ef5497f04a0ad46ed58da9 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7C0F | 11476 bytes |