MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a mass of external links, many pointing to Shopify domains, designed to appear as legitimate documents. One prominent link, 'https://ttraff.me/wix?keyword=android+tv+box+remote+stopped+working', is flagged as a malicious redirector. This suggests a phishing or scam attempt, likely aiming to direct users to malicious content or further phishing pages. The ML classifier strongly supports the malicious nature of this PDF.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=android+tv+box+remote+stopped+working
- https://static.usrfiles.com/ugd/738632_bb83ae2bd5a649f790eeda9f4cfaae12.pdf
- https://static.usrfiles.com/ugd/c0b427_a25bbeb2700943418419e1126c842b35.pdf
- https://static.usrfiles.com/ugd/4dd980_110b61e9661b452ea3b13f14e83341c5.pdf
- https://static.usrfiles.com/ugd/b8c837_97576efa759d4dea8604a39c453731cc.pdf
- https://static.usrfiles.com/ugd/cafc24_274b520386a34f4299ce0d3195d06236.pdf
- https://cdn.shopify.com/s/files/1/0436/6699/7398/files/xugokafisenod.pdf
- https://cdn.shopify.com/s/files/1/0447/0757/8009/files/neet_biology_notes_free_download.pdf
- https://cdn.shopify.com/s/files/1/0428/0057/8723/files/mesimujos.pdf
- https://cdn.shopify.com/s/files/1/0429/0805/7759/files/mueller_report_book_review.pdf
- https://cdn.shopify.com/s/files/1/0434/6635/8934/files/lugafiferaweferevonow.pdf
- https://cdn.shopify.com/s/files/1/0440/8786/9592/files/wemukoxarabizodudumezaba.pdf
- https://cdn.shopify.com/s/files/1/0435/2566/9028/files/86901657388.pdf
- https://cdn.shopify.com/s/files/1/0431/0528/8349/files/43365958465.pdf
- https://cdn.shopify.com/s/files/1/0431/5935/5556/files/81769648570.pdf
- https://cdn.shopify.com/s/files/1/0431/9471/2228/files/batewufetiruzuva.pdf
- https://cdn.shopify.com/s/files/1/0430/8867/4967/files/32343108529.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000065a1.bina6b16cae3ad2272fbe4d13a8de578c8a3ab042e7934f94b5efcfd63407d9cde4 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x65A1 | 5236 bytes |
font_01_sfnt_off0000776e.binedbbda89dde5f9f0c51fedf2c27725b9d28ef812318ded9590c2deaee387fb5d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x776E | 10196 bytes |
font_02_sfnt_off00009a60.bin4fcfa7c68d76e23b667942a3ac892d2d5d88346478daafc61479ad4df4af3dd3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9A60 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.