MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
A heuristic fired on a malicious redirector link in the PDF, pointing to 'https://ttraff.link/pify?keyword=andrew+loog+oldham+books'. The PDF also exhibits characteristics of a PDF link farm, with numerous embedded URLs, including 'http://files.cultivatecornwall.com/uploads/1/3/1/8/131856815/4e08a153faa.pdf'. The document body, though heavily obfuscated, contains these URLs, suggesting the primary intent is to redirect users to potentially harmful content.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.link/pify?keyword=andrew+loog+oldham+books
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005ff1.bin ada1646a44235a3e181844011e74f33bab6bbbd30adcaa8f50e53098a99e583a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5FF1 | 5524 bytes |
| font_01_sfnt_off00007295.bin f2358c8ae3f0d8c5f8ece6c187d4d9418b2e1d55512f9698a466a18ba4b71bf0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7295 | 11992 bytes |