MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a link disguised as a game development guide, which redirects to a known malicious URL. The ML classifier also flagged this PDF with high confidence. The primary attack vector appears to be social engineering through a deceptive document, leading to a malicious redirector.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.com/wix?keyword=the+ultimate+guide+to+game+development+with+unity+2019+pdf
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00008ae8.bin (9c03a50652c2025531eab4dddaf589443e2e323221516dd5def255d0b75833c4) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8AE8 | 5748 bytes |
| font_01_sfnt_off00009e7a.bin (b42ac674367d32b9970eed3a707a07e774c3319cbfd56db7f0ca6eda46be1a3c) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9E7A | 10304 bytes |
| font_02_sfnt_off0000c1f6.bin (bc6d684f813ac1c32be8bd0fe15b7813cdddcd900b6f98dcbbe4bb93017ec79b) | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC1F6 | 16448 bytes |
| font_03_sfnt_off0000d84e.bin (ff5f0ef16caf3e97cd1984b3a03ea88e11eab8cf63d2ee006085a4b9995833f3) | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD84E | 4324 bytes |