MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a prominent link to 'ttraff.me' which is flagged as a malicious redirector. The document body, though heavily obfuscated, contains the same URL and keywords related to 'appvalley apk ios 11', suggesting a lure for potentially unwanted applications or malware. The presence of a large number of external PDF links also indicates a link farm, likely for SEO manipulation or to distribute further malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=appvalley+apk+ios+11
- https://static.usrfiles.com/ugd/8a9bcc_775f33d09d2d4607988a92f942c418d9.pdf
- https://static.usrfiles.com/ugd/b11f6d_2022ef1672b54d458745df0f76f533d5.pdf
- https://static.usrfiles.com/ugd/34e21e_cb35439fe7f2414bbcfdf83c581d8963.pdf
- https://static.usrfiles.com/ugd/b8c837_5defc467423642cb83b87c30d353fdb4.pdf
- https://static.usrfiles.com/ugd/2994dd_c47aa288fa5c4cd9a1c06809a02196bc.pdf
- https://cdn.shopify.com/s/files/1/0431/8684/7903/files/tebaxemozupogenomojidir.pdf
- https://cdn.shopify.com/s/files/1/0427/6482/8838/files/pitibokufikuraj.pdf
- https://static.usrfiles.com/ugd/268ab1_a7b65647952b4773aa9ccbb85704c8eb.pdf
- https://static.usrfiles.com/ugd/ccf397_0785c8478e6246439e89e2f69e2928ef.pdf
- https://static.usrfiles.com/ugd/8b2c09_0b3cb56b1b7744ee8d434b618aa177f1.pdf
- https://static.usrfiles.com/ugd/0d002d_fb7b0e83254f44ed98605cc1232c9b3f.pdf
- https://static.usrfiles.com/ugd/b8c837_f035972904dc4f688e7143e1609cbd03.pdf
- https://static.usrfiles.com/ugd/041b56_1875712051b04360b9fc21ded9a0cd7e.pdf
- https://static.usrfiles.com/ugd/f96b02_bdc9ddf006864a6eb8bf3750f93be96a.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000652d.binedcf2a06e89f3a6b022d7fb52e57f8724feee8c70eda18f368a2934af6e5f677 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x652D | 4984 bytes |
font_01_sfnt_off00007647.bin8835947f2dd4830ccf907ce4dfa2fce07e364fc57d38b53bdf750876fb5fe996 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7647 | 9968 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.