MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was flagged by multiple critical heuristics for containing malicious redirector links and a large number of external PDF links, suggesting a link farm. One of the embedded URLs, 'https://ttraff.ru/pify?keyword=combobox+wpf+style+template', is identified as a known malicious redirector. The document body contains garbled text but also includes the same malicious URL and numerous Shopify-hosted PDF links, reinforcing the link farm and redirection attack pattern. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=combobox+wpf+style+template
- https://cdn.shopify.com/s/files/1/0431/1079/3370/files/kabexefukuremukagore.pdf
- https://cdn.shopify.com/s/files/1/0436/7941/6473/files/4776535129.pdf
- https://cdn.shopify.com/s/files/1/0428/5127/0823/files/lolesolemi.pdf
- https://cdn.shopify.com/s/files/1/0438/7989/1099/files/fopoxosopekagemeres.pdf
- https://cdn.shopify.com/s/files/1/0430/3477/1610/files/bilalawapipagaxigeso.pdf
- https://cdn.shopify.com/s/files/1/0434/1180/0220/files/bush_pin_type_coupling.pdf
- https://cdn.shopify.com/s/files/1/0431/3546/7682/files/rujep.pdf
- https://cdn.shopify.com/s/files/1/0433/3391/0681/files/48239883469.pdf
- https://cdn.shopify.com/s/files/1/0444/3560/3623/files/tirezosewafupajozumodow.pdf
- https://cdn.shopify.com/s/files/1/0435/3916/9429/files/17600658003.pdf
- https://cdn.shopify.com/s/files/1/0433/9931/5619/files/rinaxumi.pdf
- https://cdn.shopify.com/s/files/1/0435/7616/4515/files/smith_and_wesson_owners_manual.pdf
- https://cdn.shopify.com/s/files/1/0432/1103/0690/files/recommendation_letter_template.pdf
- https://cdn.shopify.com/s/files/1/0433/6710/4668/files/35836086709.pdf
- https://cdn.shopify.com/s/files/1/0430/7707/5108/files/kpmg_brand_identity_guidelines.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/16949815227.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000057aa.bin8f0918f9363219313ef5ce3efc83f7b953335cf883645c976bd9f16f5a04b950 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x57AA | 5256 bytes |
font_01_sfnt_off00006996.bin13a21bf0e58b7d5a1fe06b15d55696cb0f4a027c1cb83a0b26e9900be475bff5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6996 | 13932 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.