MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a critical heuristic firing for a malicious redirector link, specifically pointing to 'https://ttraff.ru/wix?keyword=spotify+premium+apk+8.+5'. This URL is presented within the document body, disguised as a link for a popular application, indicating a social engineering lure. The presence of a large number of external PDF links further supports the malicious intent, likely for SEO poisoning or traffic redirection.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.ru/wix?keyword=spotify+premium+apk+8.+5
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00007295.bin 7fda6a01d9009af569df9aa1d1c5fa46966b66c431221635e384b5a887847289 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7295 | 5456 bytes |
| font_01_sfnt_off00008528.bin 7946b96a0a1f6f56e192cda435103f4d3f5bbb877508abae5b3e10b83ab61d13 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8528 | 10648 bytes |