Verdict: MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1059.001 PowerShell
This PDF file contains multiple embedded links, with one pointing to a known malicious redirector. The document body, though heavily obfuscated, contains text related to 'Costco tri tip sous vide' and the authoring application 'wkhtmltopdf', suggesting a lure to disguise the malicious intent. The presence of a link farm heuristic further indicates a malicious redirection attempt, likely to a phishing or malware distribution site.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.link/wix?keyword=costco+tri+tip+sous+vide
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000634f.bin | ac7bdb4787b59df1ca2c0ebd959e4e010562e489368123b5625572de29ea73fa | pdf-font-stream | PDF embedded font (sfnt) at offset 0x634F | 4684 bytes |
| font_01_sfnt_off0000735d.bin | 3b0f5b0cc73506f205772c6489ba037fbc22a76f727435a2a7a041bda04d738e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x735D | 10460 bytes |
| font_02_sfnt_off00009724.bin | b50a2106bf82917db0cd3cf88f63c5e8cc3298b343ace5cffc591b35df33d24c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9724 | 4324 bytes |