MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a link farm designed to redirect users to malicious infrastructure, masquerading as a resource for engineering books. The primary malicious URL, https://ttraff.ru/pify?keyword=automobile+engineering+book+by+kirpal+singh+pdf, is flagged as a malicious redirector. The document body, though heavily obfuscated, contains references to this URL and other potentially benign Shopify links, suggesting a social engineering tactic to drive traffic to the malicious site. No scripts were extracted, limiting the analysis of further payload delivery or execution.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=automobile+engineering+book+by+kirpal+singh+pdf
- http://files.addictionmadison.com/uploads/1/3/1/3/131380126/rotesoj_dibelawevurag_dagomezexuvuful_jixagesufa.pdf
- http://files.atitrainingstore.com/uploads/1/3/1/3/131397946/pefewago-vuzobadetumixuw.pdf
- https://cdn.shopify.com/s/files/1/0431/3006/0955/files/68375344147.pdf
- https://cdn.shopify.com/s/files/1/0435/3445/0840/files/barukezojitaxafepawife.pdf
- https://cdn.shopify.com/s/files/1/0434/2641/4748/files/senodiwuzokexedopififipa.pdf
- https://cdn.shopify.com/s/files/1/0430/5797/1362/files/forestry_mod_1._10._2.pdf
- https://cdn.shopify.com/s/files/1/0434/7048/7712/files/84752062400.pdf
- https://cdn.shopify.com/s/files/1/0437/5651/9578/files/beach_buggy_racing_apk_mod_rexdl.pdf
- https://cdn.shopify.com/s/files/1/0429/8106/4853/files/how_to_set_up_act_ffxiv.pdf
- https://cdn.shopify.com/s/files/1/0432/7551/8107/files/lullabye_billy_joel_piano_sheet_music.pdf
- https://cdn.shopify.com/s/files/1/0429/8699/5863/files/demewemenetutusegun.pdf
- https://cdn.shopify.com/s/files/1/0462/3033/9735/files/20005027170.pdf
- https://cdn.shopify.com/s/files/1/0431/6463/1195/files/balanceamento_redox_exercicios.pdf
- https://cdn.shopify.com/s/files/1/0440/4376/3862/files/cartoon_hd_app_for_android_tv_box.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000060fc.bin410bf8c76c6ab3f1f915b31b0ccdc687ecaba6ef5619cc699dc26ea2f1a8e57c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x60FC | 5632 bytes |
font_01_sfnt_off000073f5.bin67ef4c36307ae3b11a5e86ffd014eb7a5073e9ebb28b58ff8d6b84b73e9f7dac |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x73F5 | 10224 bytes |
font_02_sfnt_off000096c4.binb50a2106bf82917db0cd3cf88f63c5e8cc3298b343ace5cffc591b35df33d24c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x96C4 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.