MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.002 Malicious Link
The PDF contains multiple embedded links, with one specifically identified as a malicious redirector. The heuristic 'PDF_MALICIOUS_REDIRECTOR_LINK' and the presence of the URL 'https://ttraff.club/wix?keyword=diya+aur+baati+hum+punjabijunktion' strongly indicate a malicious intent to redirect the user. The 'PDF_SEO_LINK_FARM' heuristic suggests a tactic to manipulate search engine results or distribute malicious links widely. The ML classifier also flagged this PDF with high confidence.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=diya+aur+baati+hum+punjabijunktion
- https://cdn.shopify.com/s/files/1/0431/1390/6333/files/kakipiterafewe.pdf
- https://cdn.shopify.com/s/files/1/0428/8305/5782/files/sanomutumu.pdf
- https://cdn.shopify.com/s/files/1/0430/9562/1796/files/xamaxegapijes.pdf
- https://cdn.shopify.com/s/files/1/0432/3144/5149/files/heavy_silk_bandage_vanilla.pdf
- https://static.usrfiles.com/ugd/b8c837_40427c1de91b472eb12c545b3c415cf4.pdf
- https://static.usrfiles.com/ugd/b8c837_f138cd7fbb4b470eb7a06957bac291b7.pdf
- https://static.usrfiles.com/ugd/80c1db_2d86daa4922446f986e66ab543a9ca09.pdf
- https://static.usrfiles.com/ugd/b8c837_5ab1b82ed94e4ee587a8b5fe8d80a4df.pdf
- https://static.usrfiles.com/ugd/0c268c_2014fc9e38a24ce9b1467d29ca22793d.pdf
- https://static.usrfiles.com/ugd/33a16d_f3f76986dfd04a22abdd6ffa95f92de2.pdf
- https://static.usrfiles.com/ugd/704566_ac585c3c39c145858fc445504f13ffb3.pdf
- https://static.usrfiles.com/ugd/b8c837_7fa2535818694b81aceba3a3a302fe1d.pdf
- https://static.usrfiles.com/ugd/26481d_6c25c7389cca4e52b2d25df40c16afcf.pdf
- https://static.usrfiles.com/ugd/565485_b6ef417bd0054eb3979002d206bcad16.pdf
- https://static.usrfiles.com/ugd/bd5c68_f972664ad19542cd8d685e37b15597eb.pdf
- https://static.usrfiles.com/ugd/b8c837_bf2b371bcc72483caeeb6e56aeef2e0a.pdf
- https://static.usrfiles.com/ugd/63d3ad_0d23af583ae842df863fbad0bc0d0564.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000d133.bin15ac32ef0a1ae76044527cd69d72d4f9581257cfafedfff60bfaeb6be65f388a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD133 | 5228 bytes |
font_01_sfnt_off0000e2e5.bin6f48e0cdf76b082f05829016868793a1ef0fc8e4d7e4115cf5c39fb7ab68e263 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE2E5 | 12508 bytes |
font_02_sfnt_off00010a8e.bina697a56d8b7e52d59ee87ac5d46f1d07a69474d9ad4815ee162af1e669444ed2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10A8E | 17160 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.