MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a large number of embedded links, many of which are SEO-optimized and point to PDF files hosted on Shopify. One critical heuristic firing indicates that a link redirects to known malicious infrastructure at 'https://ttraff.cc/pify?keyword=badminton+rules+for+doubles+pdf'. This suggests a link farm or SEO poisoning attack designed to funnel users to malicious content. The ML classifier also strongly flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=badminton+rules+for+doubles+pdf
- http://files.babybegreendiaperservice.com/uploads/1/3/0/7/130775310/joxofaxifajoxu_tewalefel.pdf
- http://files.nayloreagles.com/uploads/1/3/0/8/130874422/7648426.pdf
- http://vibugus.darabitler.com/uploads/1/3/1/4/131407406/vebunavag-muzupawam-mevelemepi.pdf
- http://files.stlukemt.org/uploads/1/3/1/4/131455722/7487716.pdf
- http://files.themagiciansindicator.com/uploads/1/3/2/6/132681384/b8eaf34186cf7.pdf
- https://cdn.shopify.com/s/files/1/0438/4908/9186/files/52471867327.pdf
- https://cdn.shopify.com/s/files/1/0428/3518/1734/files/16845634465.pdf
- https://cdn.shopify.com/s/files/1/0438/9984/6824/files/windows_filename_invalid_characters.pdf
- https://cdn.shopify.com/s/files/1/0427/8488/2844/files/nuzugejew.pdf
- https://cdn.shopify.com/s/files/1/0430/3791/7345/files/tevov.pdf
- https://cdn.shopify.com/s/files/1/0437/7998/1470/files/executive_producer_contract.pdf
- https://cdn.shopify.com/s/files/1/0434/6108/3288/files/fortran_programming_language.pdf
- https://cdn.shopify.com/s/files/1/0428/3754/1031/files/zesumazekamoron.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/17524121831.pdf
- https://cdn.shopify.com/s/files/1/0434/4630/4920/files/29994310782.pdf
- https://cdn.shopify.com/s/files/1/0430/0763/9711/files/55803537426.pdf
- https://cdn.shopify.com/s/files/1/0437/7988/3170/files/vodisiwekuvukuj.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006473.bin3aa1d63abed47a3b9b693a30a5297e1f2107c6ed2c1dd24315311e1c8eeea3e5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6473 | 5376 bytes |
font_01_sfnt_off0000769b.bin86e0da595a3ad961f16e9c88f200b96640aa0a019cb2fe65950eb45557dde6fd |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x769B | 9824 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.