Verdict: MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to `https://ttraff.ru/wb?keyword=2007%204runner%20service%20manual`. This URL is likely used to deliver a malicious payload or redirect the user to a phishing site. The document body, though heavily obfuscated, contains text related to a '2007 4runner service manual', suggesting a lure to entice users to click the malicious link. The ML classifier also strongly indicates maliciousness.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000164e4.bin `01cc5c5af5272fb3ca40efbb8149dd015c6864537c0fe7818d0d738a88f47159` | pdf-font-stream | PDF embedded font (sfnt) at offset 0x164E4 | 5352 bytes |
| font_01_sfnt_off0001770a.bin `e5c3f2914e7ac2a38645e38ad562c9d738f4a95bebc27b4723e97344ab2a7987` | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1770A | 15432 bytes |