Verdict: MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1059.001 PowerShell
- T1204.002 Malicious Link
The PDF contains a link farm designed to direct users to a malicious redirector at `https://ttraff.club/wix`. This is further supported by ML classification and heuristics indicating malicious redirector links and a link farm. The document body, though heavily obfuscated, contains the same URLs, suggesting an attempt to disguise the malicious intent with seemingly legitimate content about coin collecting.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): the PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than on a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): a small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): one or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted URLs:
- https://ttraff.club/wix?keyword=cherrypickers%2527+guide+to+rare+die+varieties+of+united+states+coins+volume+2
- http://debujixus.tailwinddelivery.com/uploads/1/3/0/8/130873998/minex.pdf
- http://ranuwisul.dumlavwalla.com/uploads/1/3/1/8/131872096/rezugo.pdf
- http://lotaj.ohiobudokan.org/uploads/1/3/0/7/130775841/ledunirefetozilid.pdf
- http://files.kellyboyle.info/uploads/1/3/0/7/130739379/e0971ce9f6d0c5.pdf
- https://22718d98-2d2c-4828-b0f0-0fd1887ec2a2.filesusr.com/ugd/f08e01_b4a35b42a3b44146aa1258568acb34ca.pdf?index=true
- https://15fd6825-a00b-4f2a-8bfb-efe563c6b61c.filesusr.com/ugd/9c0842_92cccef11f2f4350ba1ff63d725c4ac2.pdf?index=true
- https://6f674aaa-49d5-433d-bbbc-d80ac13ce4c0.filesusr.com/ugd/5bb01c_8cc418c986c748e19446d53d15298ade.pdf?index=true
- https://1f7757ca-f808-11ea-a328-fc4dd43d38a6.filesusr.com/ugd/5ccfc8_84a2f4303a114b63840edb0748c495db.pdf?index=true
- https://cdn.shopify.com/s/files/1/0431/8828/9694/files/pobedom.pdf
- https://cdn.shopify.com/s/files/1/0436/0192/0157/files/aba_english_premium_apk_gratis.pdf
- https://cdn.shopify.com/s/files/1/0463/4158/7100/files/linux_mint_kde_installation_guide.pdf
- https://cdn.shopify.com/s/files/1/0436/9468/6376/files/64855153641.pdf
- https://cdn.shopify.com/s/files/1/0428/4642/1158/files/bachelors_movie_2015_parents_guide.pdf
- https://cdn.shopify.com/s/files/1/0433/3692/5342/files/sound_recorder_app_android.pdf
- https://cdn.shopify.com/s/files/1/0430/6495/0946/files/kovenofas.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00006127.bin | a6ef301ce7bd7f59e357991cbe98a03084a7a8102a1f2a2dad30379ad859ff1c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6127 | 5864 bytes |
| font_01_sfnt_off0000750c.bin | d75a3f336e628d430c8846084593d498aae3b4cb34ddcc3a5b87a4e9755d24a0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x750C | 10396 bytes |
| font_02_sfnt_off000098e6.bin | 12e1bdea5fc73f205daff8bbc4573b4c6e5ba94205cf5b3440f65e61b625f0f0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x98E6 | 16084 bytes |