MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.ru/wb?keyword=aha%20bls%20manual%20pdf'. This URL is likely used to redirect the user to a malicious site. The ML classifier also strongly flagged this PDF as malicious. The document body, though heavily obfuscated, contains the same URL, reinforcing the malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wb?keyword=aha%20bls%20manual%20pdf
- https://d2bcef5d-b77d-4cd7-8956-090a3dbedc58.filesusr.com/ugd/8e6e76_d31b1e3fbc8943c19a5d794d0b9e86f6.pdf?index=true
- https://aea385b1-978c-46ea-a893-fd1f0e626fcb.filesusr.com/ugd/d94ae5_d62b783c9170450aafefed75cf210ee8.pdf?index=true
- https://b90ea6a4-c650-4c2e-a213-deb656dc9515.filesusr.com/ugd/1c8c1e_50cf8bf90ed647c2a95e8634836e9d53.pdf?index=true
- https://e18f5fcb-52ce-4415-b817-288d26c97ecf.filesusr.com/ugd/b98abb_d973e7a313574882a0ec868a212bbbb9.pdf?index=true
- https://b9c5075f-e18c-4ef4-bf96-d89569ad0a83.filesusr.com/ugd/f9fac6_94b7c27d9e1c46739b8ab8de9ce2cc61.pdf?index=true
- https://cdn.shopify.com/s/files/1/0429/2270/5055/files/71941714649.pdf
- https://cdn.shopify.com/s/files/1/0435/8068/6495/files/ayapakkam_housing_board_guideline_va.pdf
- https://cdn.shopify.com/s/files/1/0463/4083/3436/files/2235917906.pdf
- https://cdn.shopify.com/s/files/1/0429/1470/9663/files/birekifaxusup.pdf
- https://cdn.shopify.com/s/files/1/0433/1349/6222/files/pofesojexobosipilepopo.pdf
- https://64537a4c-2c7c-4546-b4a0-0f71fe94e813.filesusr.com/ugd/f2ef67_c32a9f302db7434399f8e5eb9b3e6990.pdf?index=true
- https://deb9873e-613a-4d30-b7c7-daaf4616aba1.filesusr.com/ugd/de02f3_e4ae07e3d0a14228adfb5d729489a239.pdf?index=true
- https://af1e3739-beef-41ed-b8cf-cecabf95b6f7.filesusr.com/ugd/4826f5_67554d453d79493098952175d4e12e52.pdf?index=true
- https://675404c7-228b-429a-bb51-4061635f69c9.filesusr.com/ugd/8acad3_0388e4848d704da0b41d559de62a0ce3.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00015c18.bin16710d38489a4e076381566b7bd8ceee3ad5e62f64642ed58df8bbf2bcb02188 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x15C18 | 4840 bytes |
font_01_sfnt_off00016c48.bin5f249286be2a49f47b8ed197b9ab953c0303a2d8ad927d245ae93eba7c173562 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x16C48 | 13996 bytes |
font_02_sfnt_off0001986d.bincd94ef65598b1866d0653cdd88243d989fd81359c0e770c2d3a4858f1c2f6d34 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1986D | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.