MALICIOUS
182
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF file functions as a link farm, containing numerous links to external websites. One of these links, 'https://ttraff.com/pify?keyword=atomic+emission+spectroscopy+slideshare', is identified as a malicious redirector. The document's structure and the presence of a malicious redirector suggest an attempt to lure users to malicious sites, likely for further exploitation or phishing. The ML classifier also strongly indicated maliciousness.
Machine Learning
- Nyx PDF Classifier malicious score 0.9989
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARMSmall PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=atomic+emission+spectroscopy+slideshare In PDF document text
- https://site-1043600.mozfiles.com/files/1043600/15326932535.pdfIn PDF document text
- https://site-1042348.mozfiles.com/files/1042348/pepitedale.pdfIn PDF document text
- https://site-1039156.mozfiles.com/files/1039156/ribunaber.pdfIn PDF document text
- http://moxosuzog.mybtop.com/uploads/1/3/0/7/130775350/8da9a.pdfIn PDF document text
- http://files.maidtoshineservices.net/uploads/1/3/1/4/131437268/29f33e.pdfIn PDF document text
- http://rifaxek.sorokaphotography.com/uploads/1/3/1/3/131398164/jidalowig.pdfIn PDF document text
- http://files.accountinguci.com/uploads/1/3/0/8/130873907/wafizelov-josekijaze.pdfIn PDF document text
- https://site-1040132.mozfiles.com/files/1040132/gimizibeved.pdfIn PDF document text
- https://site-1038414.mozfiles.com/files/1038414/55737079382.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/88e3cf75-bf64-4e45-83bb-2245692a5048/25888849712.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/688700f1-e09c-45d6-8eaa-fc4104720841/xozonek.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/c95c69f0-ed1c-45fb-ad19-758fd1bed79c/28065988572.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/597eafe7-94ba-4edf-b622-69cbccefd05c/zufosutef.pdfIn PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000086f9.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x86F9 | 5404 bytes |
SHA-256: ec0dcf5ba028e8c5095da1efbcf302f8ff26beac61d93b88432dc45da465d546 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.