MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link, specifically pointing to 'https://ttraff.ru/wix?keyword=bajirao+mastani+tamil+movie+free'. This indicates a social engineering lure, likely attempting to trick the user into clicking the link under the guise of a movie download. The PDF also exhibits characteristics of a link farm, with numerous embedded URLs, further supporting the malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL:
- https://ttraff.ru/wix?keyword=bajirao+mastani+tamil+movie+free
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005296.bin 845eb019d959fe60672094238c561c76fe143245081ff3eaabf81976f7a06806 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5296 | 5100 bytes |
| font_01_sfnt_off000063de.bin 3b00f92320515e73c5cacf93b10bdc8c1c23d0baabb0e05cbcdb2eb4ad7d7a11 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x63DE | 10328 bytes |
| font_02_sfnt_off0000876a.bin c41fc46809d2260d2d1a821cef6bb00dae560fdbad380da94a93f29d012df54e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x876A | 16164 bytes |