MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF document contains a lure related to 'Avast license key crack' and embeds numerous external links. One of these links, 'https://ttraff.cc/wix?keyword=avast+license+key+crack', is flagged as a malicious redirector. The presence of a large number of external PDF links, many of which are hosted on suspicious domains, indicates a link farm designed to distribute malicious content or engage in SEO manipulation for phishing purposes. The ML classifier also strongly indicated maliciousness.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.cc/wix?keyword=avast+license+key+crack
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00007493.bin f564f86f0e7c46c0ddbe303e969c2b0ae3504fe83065a6b10aa1c9149f6c97e6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7493 | 5008 bytes |
| font_01_sfnt_off000085bb.bin cfb7eb272eab77a719c7e2c3bfb18fed9db6ad84274efe3de06d46dca14a5c5c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x85BB | 10856 bytes |