Verdict: MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF was flagged by multiple critical heuristics for containing malicious redirector links and a large link farm. The embedded URL 'https://ttraff.ru/pify?keyword=quarter+past+midnight+bastille' is identified as a malicious redirector. The document body contains obfuscated text and a reference to the same URL, suggesting a lure to external malicious content. No scripts were extracted, but the PDF structure itself indicates a malicious intent to redirect users.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Primary URL: https://ttraff.ru/pify?keyword=quarter+past+midnight+bastille
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000594d.bin | 3bf0dbe755713e1b22655fb5470bc22c9f04c8643a922e4f2b20a018a5286cae | pdf-font-stream | PDF embedded font (sfnt) at offset 0x594D | 5348 bytes |
| font_01_sfnt_off00006b3d.bin | 2f945dffcc1bbe7c9854952ec6742c61b175f59f4a874413cd3410b6ad404dd3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6B3D | 10728 bytes |
| font_02_sfnt_off00008f7f.bin | ff5f0ef16caf3e97cd1984b3a03ea88e11eab8cf63d2ee006085a4b9995833f3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8F7F | 4324 bytes |