MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded links, many of which point to external PDF files hosted on various domains. One prominent link, 'https://ttraff.me/wix?keyword=trenton+elementary+school+supply+list', is identified as a malicious redirector. The document body, though partially corrupted, contains text related to a school supply list, suggesting a social engineering lure. The ML classifier also strongly indicated maliciousness.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=trenton+elementary+school+supply+list
- http://files.colleenbronner.com/uploads/1/3/1/0/131071164/9000340.pdf
- http://files.artsmindfulmedium.com/uploads/1/3/1/6/131606231/juduguxokumexuvese.pdf
- http://xanirobov.ronaldchaseauthor.com/uploads/1/3/1/4/131452922/bevituter.pdf
- http://sazefan.abby-humphreys.com/uploads/1/3/0/7/130738780/96a5df6d7ead93.pdf
- http://kalogaso.sari-campos.com/uploads/1/3/2/6/132696323/tesapofosu.pdf
- https://02a28826-2f7b-433b-badf-3a785b24b2c9.filesusr.com/ugd/3bbd68_d6d2ea87c1af400c9b60a9ec8f08782e.pdf?index=true
- https://b30e2544-3f07-47b1-a42b-7e850d97a301.filesusr.com/ugd/221eaa_9e3094eaec8d4a37a7fbb3a38ffab55e.pdf?index=true
- https://a47c81bc-7d9b-4702-87e0-b7b45890a267.filesusr.com/ugd/22739b_47702448086049c1bc6b921a1a536850.pdf?index=true
- https://ff1e3b03-7c45-49f1-83d2-ff4bd5a4c6c3.filesusr.com/ugd/808d8c_746a0a054208438dab83edda8fb32729.pdf?index=true
- https://7a82c48d-773e-42dd-90da-5666e6233509.filesusr.com/ugd/c33cdb_f1979b6cb29844c6a3f4d9ec1a1dc98b.pdf?index=true
- https://85d930b0-bb32-4579-9099-ae5ded70a45f.filesusr.com/ugd/76aeb6_2189864b02a24bcc9fa2d61ff5d4a35f.pdf?index=true
- https://a58da8a6-919b-4017-bb0c-284829624237.filesusr.com/ugd/39a0fd_f8567e9fbf9040ad9551a4da67b39e6a.pdf?index=true
- https://44b8ef2b-323a-4093-8adf-e873ed72c002.filesusr.com/ugd/50988c_2654bbfe96c040c2aa6a671e1635d006.pdf?index=true
- https://637ee8ff-a9f3-46ac-ba5b-53041158627d.filesusr.com/ugd/585b1d_72333557af444b1293ac884774b79837.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000061c7.binab360370b5d87951d95c1c1b9e8eb9f9cdf308286663108cd72185c7e1b298b0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x61C7 | 5224 bytes |
font_01_sfnt_off00007366.bind56abad8b4df9a1f8a75a33fc2e32d5ab3648938097b3b36c8e83892bb8500f7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7366 | 10620 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.