MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains numerous embedded links, a technique often used to redirect users to malicious websites. One of the primary links, 'https://ttraff.cc/wix?keyword=the+gravity+between+us+wattpad', is flagged as a known malicious redirector. The document body, though heavily obfuscated, also contains this URL, suggesting an attempt to disguise the malicious intent. The presence of a large number of external PDF links further supports the idea of a link farm designed for malicious redirection.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=the+gravity+between+us+wattpad
- https://5c42a423-2494-4fc2-8b43-d075fa0d437d.filesusr.com/ugd/d61b30_dd289afed2704a2eb96b71c2312ec033.pdf?index=true
- https://09d285c7-e4a8-4ad7-a545-650b53b55344.filesusr.com/ugd/ab922d_143f148d014d4fdb9e958642609101d2.pdf?index=true
- https://f232aacb-9c6d-4014-b434-895eb49d6678.filesusr.com/ugd/7be1cd_382f7083d1eb4d83992ecac7f4911b83.pdf?index=true
- https://23648c34-8d5f-496e-9ecb-6f7b6fcf2a2e.filesusr.com/ugd/717a42_9dea452dcd624609b0a377004982d1ab.pdf?index=true
- https://a08da2f9-f2af-47ec-a8b8-ae5ef84d7328.filesusr.com/ugd/bb4607_a20cc70d016e41c7a9e10f7664b036e2.pdf?index=true
- https://cdn.shopify.com/s/files/1/0434/2965/8790/files/effective_java__github.pdf
- https://cdn.shopify.com/s/files/1/0432/3141/2379/files/99334684234.pdf
- https://cdn.shopify.com/s/files/1/0432/2227/0114/files/2791699755.pdf
- https://dd7a6572-cecd-45db-910c-057e4c0f6cd9.filesusr.com/ugd/4f92c1_afac36a9782a4e59aef9a038dc94d8cd.pdf?index=true
- https://69ee7fa5-f1b6-44ea-a7d7-0539693811e5.filesusr.com/ugd/5c9621_26ab311490024367b7e5810ca613370d.pdf?index=true
- https://7572849f-0b9c-4d6b-9477-ecb8dbf987ac.filesusr.com/ugd/fbccce_19931bd3b04d4aa5a33780e9b598bce9.pdf?index=true
- https://7c2c6bf6-5640-4f76-829f-240a38d39968.filesusr.com/ugd/96768c_26f4904bc75c4f30806cdc013d3d55cc.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005d9c.bin6e1593f1c5e6c5203e5d9b2c0e367685329733f30726a3f218a0a518c3fc5889 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5D9C | 3572 bytes |
font_01_sfnt_off00006a57.bin2b71be2a6233962a09d54485eb550d64406eac1db54c15e748e93b9f82381ff5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6A57 | 5532 bytes |
font_02_sfnt_off00007d36.bin70556628307ed5d29b49c0c20d82fe6efac90a596f253e6a9641d91064737965 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7D36 | 10172 bytes |
font_03_sfnt_off0000a041.binf53b43e12006e3d52612f085e6e184fa5bba3604999f0cb64562e6bb996dc06b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA041 | 16384 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.