MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains numerous embedded links, with one critical heuristic identifying a link to a known malicious redirector. The document body, though heavily obfuscated, contains text related to 'jazz standards piano sheet music pdf' and the malicious URL, suggesting a lure. The presence of multiple unknown URLs hosted on file-sharing domains further supports the malicious intent. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.cc/pify?keyword=jazz+standards+piano+sheet+music+pdf
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000079a3.bin 3194b3e77a0d00ac89e768042b196292835b3952d7a4094c7c310363a50f4a90 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x79A3 | 5404 bytes |
| font_01_sfnt_off00008be6.bin 654df1e4293b35cd0b12eb04a03f3108ed807d80db28c3f4b53941be4fea5378 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8BE6 | 10428 bytes |
| font_02_sfnt_off0000afbd.bin 84650fe671c70ac66f3af0994468c9b9feb42d01905b0f030d5781e095ef8e52 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xAFBD | 16100 bytes |