MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains numerous embedded links, with a critical heuristic firing for a malicious redirector at 'https://ttraff.com/pify?keyword=idrivesafely+defensive+driving+quiz+answers'. The document body, though heavily obfuscated, contains text fragments suggesting a quiz lure. The presence of a link farm heuristic further indicates a malicious intent to distribute content via numerous external links. No scripts were extracted, but the PDF structure and link analysis strongly suggest a malicious redirector pattern.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=idrivesafely+defensive+driving+quiz+answers
- http://jexojusem.drewsdecision.org/uploads/1/3/1/6/131607131/5360209.pdf
- https://cdn.shopify.com/s/files/1/0437/5317/7237/files/rca_tv_manual.pdf
- https://cdn.shopify.com/s/files/1/0437/7654/0834/files/sujets_de_bac_maths_terminale_s_algerie.pdf
- https://cdn.shopify.com/s/files/1/0440/0431/1190/files/nurafafujosuf.pdf
- https://cdn.shopify.com/s/files/1/0435/4591/9652/files/22836836214.pdf
- https://cdn.shopify.com/s/files/1/0430/3536/1442/files/38305731780.pdf
- https://cdn.shopify.com/s/files/1/0439/4670/5051/files/easton_broadhead_tuning_guide.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/46905239833.pdf
- https://cdn.shopify.com/s/files/1/0437/3990/6197/files/photo_license_center.pdf
- https://cdn.shopify.com/s/files/1/0448/1833/3858/files/xuxirufodipeganenonamas.pdf
- https://cdn.shopify.com/s/files/1/0431/5663/5812/files/75862933293.pdf
- https://cdn.shopify.com/s/files/1/0429/3784/3871/files/clash_of_clans_apk_play_store.pdf
- https://cdn.shopify.com/s/files/1/0436/2944/5273/files/the_hindu_english_news_paper.pdf
- https://cdn.shopify.com/s/files/1/0428/2168/1315/files/derigejovanobexedojovexuz.pdf
- https://cdn.shopify.com/s/files/1/0432/7315/8806/files/meborabipojesemetotifu.pdf
- https://cdn.shopify.com/s/files/1/0430/7599/3764/files/11356457596.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006480.binbfaf04f11cb4dc0fad682c98a3a18477e40d19332768c2daed4007daf8135f09 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6480 | 5444 bytes |
font_01_sfnt_off0000772a.bine63e71c5b5c99651449bf33c1f076999b3ada710628e56b1c84f413be7c0abce |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x772A | 10456 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.