MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded links, with one identified as a malicious redirector. The document body, though heavily obfuscated, contains the URL https://ttraff.ru/wix?keyword=ark+boss+platform, which is flagged as a malicious redirector. The presence of a link farm suggests an attempt to distribute malicious content or conduct phishing operations.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=ark+boss+platform
- https://static.usrfiles.com/ugd/9734e7_3571ff48774d464c97c66ecf318b95c8.pdf
- https://static.usrfiles.com/ugd/097bd5_89088335591c42729abbc359f7962ea8.pdf
- https://static.usrfiles.com/ugd/81d6a4_1b9c2eaca6f949d394f38d07a0b4f13c.pdf
- https://static.usrfiles.com/ugd/60933b_37e53324365a4974b0be2f3caf486325.pdf
- https://static.usrfiles.com/ugd/9d66c7_f175de8f645b4b298996c73c7c1435d4.pdf
- https://static.usrfiles.com/ugd/b8c837_00599d8ac6fc4720becba405955ae7e7.pdf
- https://static.usrfiles.com/ugd/e3325f_464b96e5def2413396415b74aaf507e2.pdf
- https://static.usrfiles.com/ugd/77941b_4de979e1d7484253b84cc579ee6610c1.pdf
- https://static.usrfiles.com/ugd/8ab72e_8e98b9d81c8844bfbc64086f7b88d077.pdf
- https://static.usrfiles.com/ugd/e5cbe5_4734bcf5b96f49079015404cb843c2fc.pdf
- https://static.usrfiles.com/ugd/d5415a_fab9b31b202e42ba8e6e2b5242523e57.pdf
- https://static.usrfiles.com/ugd/7ea8bb_d1ca62e3bc574eb688e01132f0afd06e.pdf
- https://static.usrfiles.com/ugd/7d21c0_f737b34e87e34264abd53c8073e9f4d3.pdf
- https://static.usrfiles.com/ugd/4dd980_a51618dc945d46c99423f161bc9f0fc7.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006f5b.bin697d1eb86a9dc6e8a69eea13a3090db37462469929982f076f4387a80a7bb491 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6F5B | 5240 bytes |
font_01_sfnt_off00008119.binad00e3db5de45d1114bd3be61cefa37f10b32298f0e9aa0076c80ac1642d86f2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8119 | 10536 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.