MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
This PDF document contains a link to a known malicious redirector, identified by the heuristic PDF_MALICIOUS_REDIRECTOR_LINK. The document body, though heavily obfuscated, contains the URL that likely serves as the lure. The presence of a large number of external PDF links suggests a link farm or SEO poisoning tactic to increase visibility of the malicious content. No scripts were extracted, and the primary malicious activity appears to be redirection to a harmful URL.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=berger+paints+jamaica+annual+report+2016
- https://cdn.shopify.com/s/files/1/0428/6103/5686/files/gepukesineno.pdf
- https://cdn.shopify.com/s/files/1/0431/9667/8301/files/tunexenarega.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/tijubijevuvikupox.pdf
- https://cdn.shopify.com/s/files/1/0434/1537/1932/files/how_to_update_golang.pdf
- https://cdn.shopify.com/s/files/1/0436/6660/4182/files/kilutijepupiwovurupatiku.pdf
- https://cdn.shopify.com/s/files/1/0471/0023/1830/files/victoria_2_pdm.pdf
- https://cdn.shopify.com/s/files/1/0431/7862/3138/files/72335971731.pdf
- https://cdn.shopify.com/s/files/1/0439/4388/7016/files/2920062998.pdf
- https://cdn.shopify.com/s/files/1/0434/4204/5090/files/raspberry_pi_hole.pdf
- https://cdn.shopify.com/s/files/1/0437/3685/8776/files/liromel.pdf
- https://static.usrfiles.com/ugd/83b1b3_8c775538784641a5902cad29dc805ff2.pdf
- https://static.usrfiles.com/ugd/eb6612_58b1ebbe90564415ada9fa3b9c344731.pdf
- https://static.usrfiles.com/ugd/b8c837_bc707d8188394feda3da4bf5721843b6.pdf
- https://static.usrfiles.com/ugd/10e3af_5f8059b11f3548a9b7d6ed25e9e0965c.pdf
- https://static.usrfiles.com/ugd/a4d998_79f38eb7419c4369a9cf7c7f6580af79.pdf
- https://static.usrfiles.com/ugd/0286dd_b706d74878d34e03a20687be1dd85176.pdf
- https://static.usrfiles.com/ugd/eb4c03_0a8b2f745b4349908d6e302e8c386b1d.pdf
- https://static.usrfiles.com/ugd/e2c250_78e123c1cf1f424c8d99bd30ad7c94e1.pdf
- https://static.usrfiles.com/ugd/fa32a6_ca9b7b69af8f46a385b4a6e067fb2b1b.pdf
- https://static.usrfiles.com/ugd/ce14f3_64ce2031354d4e18b47d869fed530697.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0001180c.bin92dc4b61d2a9d2de48b42254e171b8a372617b4c310253ffdb8073347818ee3a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1180C | 5856 bytes |
font_01_sfnt_off00012bf6.bin3e74354505907948577a57ce02219a1d02f67428a7a46e54bfb7f16ed7975435 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x12BF6 | 15412 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.