MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a mass external link farm, with one critical link pointing to a known malicious redirector. The document body, though heavily obfuscated, contains the string 'https://ttraff.link/wix?keyword=dr.+jennifer+daniels+md', suggesting a social engineering lure. The presence of numerous PDF links and a malicious redirector indicates an attempt to lead the user to a malicious site, likely for phishing or malware delivery.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.link/wix?keyword=dr.+jennifer+daniels+md
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000054a0.bin 6012ad260a51ed22cf81b9e3fb2a542a1583d18296c1ee6ec687381aeb8054f3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x54A0 | 5160 bytes |
| font_01_sfnt_off00006624.bin a1c70874fa13dd2f818a1ff07ca8ff56273e25578cbc378fbb0216908aabbc92 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6624 | 10412 bytes |