MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, many of which point to SEO-optimized PDF documents hosted on Shopify. One of these links redirects to the known malicious domain 'ttraff.ru'. This suggests a link farm or SEO poisoning attack designed to lure users to malicious infrastructure. No scripts were extracted, and the document body is largely unreadable binary data.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=what+does+haley+like+in+stardew+valley
- https://cdn.shopify.com/s/files/1/0434/0760/5923/files/xigotorafuwikofisazujamal.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/76588695657.pdf
- https://cdn.shopify.com/s/files/1/0436/1663/2994/files/lubarogagogupatusuzi.pdf
- https://cdn.shopify.com/s/files/1/0431/8268/6367/files/tujuan_pendidikan_agama_islam.pdf
- https://cdn.shopify.com/s/files/1/0434/8539/7152/files/sql_stored_procedure_interview_questions_and_answers.pdf
- https://static.usrfiles.com/ugd/b8c837_8b7f2b0c200b401ea62610955f037079.pdf
- https://static.usrfiles.com/ugd/b8c837_8a63269d233744f78dbcf25a874501d0.pdf
- https://static.usrfiles.com/ugd/b8c837_62a70bef59b54f0592c899bfcb29f045.pdf
- https://static.usrfiles.com/ugd/a1fb72_d6ce4a505a6841e9a8b8710ef7fb0b15.pdf
- https://static.usrfiles.com/ugd/b8c837_f4b4e6ad63e74aae84127cfbd282512b.pdf
- https://cdn.shopify.com/s/files/1/0430/6580/2905/files/zuduzuzopanuw.pdf
- https://cdn.shopify.com/s/files/1/0433/7870/4536/files/80127909612.pdf
- https://cdn.shopify.com/s/files/1/0432/5185/9611/files/58476394617.pdf
- https://cdn.shopify.com/s/files/1/0428/5880/7455/files/fibawubexalunemizigib.pdf
- https://cdn.shopify.com/s/files/1/0433/5727/4270/files/59129116393.pdf
- https://cdn.shopify.com/s/files/1/0431/6404/1373/files/dewejuf.pdf
- https://cdn.shopify.com/s/files/1/0433/9875/8557/files/82145330390.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007291.bind68b1cf9a342fedd4d2436c1b10f72e56f743994617cd498a390d69c0d1e7a42 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7291 | 5244 bytes |
font_01_sfnt_off00008478.bina5374fc9c901bc8305bc03d1b479852d149725e14f8fb55c4eea58019f6a89a3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8478 | 11212 bytes |
font_02_sfnt_off0000a99e.binc0596f52601de44763ccff7fba9c7f7707c211278fb6ffcfae4a7892f822440f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA99E | 16100 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.