Malware Insights
The PDF document contains numerous embedded links, many of which point to known malicious redirector infrastructure or link farms. The primary URL, 'https://ttraff.ru/pify?keyword=sociolinguistics+book+by+hudson+pdf', is flagged as a malicious redirector. The document body, though heavily obfuscated, contains text related to 'sociolinguistics book by hudson pdf', suggesting a lure to trick users into downloading potentially harmful content disguised as academic material. The presence of a large number of external PDF links further indicates a link farm strategy, likely for SEO manipulation or to distribute malware.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.ru/pify?keyword=sociolinguistics+book+by+hudson+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000064f6.bin (ec1e20ec368839439596f1f4b8358a2dfaf030ae34895f5418711ac576f32619) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x64F6 | 5284 bytes |
| font_01_sfnt_off000076e0.bin (80e5a9133e1fb496c3ebef2e1e05c9d761d8e0151b50d9ff9b3a80b061c57b8c) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x76E0 | 10080 bytes |