Malware Insights
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.ru/wix?keyword=visual+b%25C3%25A1sico+6+datepicker+o+control'. This suggests the document is designed to lure users into clicking this link, which likely leads to a malicious site. Additionally, the PDF exhibits characteristics of a link farm, with numerous embedded URLs, including one to 'https://cdn.shopify.com/s/files/1/0437/8460/1761/files/talati_book_free_download.pdf'. No scripts were extracted, and the document body is largely unreadable binary data, but the presence of the malicious redirector is sufficient evidence for a malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=visual+b%25C3%25A1sico+6+datepicker+o+control
- https://cdn.shopify.com/s/files/1/0437/8460/1761/files/talati_book_free_download.pdf
- https://cdn.shopify.com/s/files/1/0429/5832/3865/files/27488748560.pdf
- https://cdn.shopify.com/s/files/1/0435/4375/6954/files/subafikuwuxasesozajof.pdf
- https://static.usrfiles.com/ugd/7baf93_c5fc5b38e2b247b7a8a676e316b59e96.pdf
- https://static.usrfiles.com/ugd/6350c7_96fc81f4878240e18178d1d0c6fb134c.pdf
- https://static.usrfiles.com/ugd/52b593_a5ef8f36d68c4d38bf50bc85e4ce83fd.pdf
- https://static.usrfiles.com/ugd/0c4177_da7953646f0146a9be5dd840a87fb5e5.pdf
- https://cdn.shopify.com/s/files/1/0428/8544/7833/files/pokemon_giratina_strikes_back_legendary_locations.pdf
- https://cdn.shopify.com/s/files/1/0457/4593/0396/files/ukf_form_guide.pdf
- https://static.usrfiles.com/ugd/2f8cea_147526d59b16410bb1590bd8939a2c85.pdf
- https://static.usrfiles.com/ugd/b8c837_28ee1430f79b46dc984a160ba83336f8.pdf
- https://static.usrfiles.com/ugd/2f3ac6_163ac71af12d4cd99eb2cff91c526191.pdf
- https://static.usrfiles.com/ugd/b8c837_54747d7996d7449ebdc7dc3d22e5f778.pdf
- https://static.usrfiles.com/ugd/b8c837_b4904fb0ba084e1d9d91f1739727aeed.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006c67.bin99dd9bc5d9de85bf889b0beeddded82225b344e118cbb7e2ce24759034a0e403 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6C67 | 5624 bytes |
font_01_sfnt_off00007ef4.bin6d204598fc0c3a9a00d9212d9f5278f19ad84156ab5baad4ceaf6597edf84253 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7EF4 | 14616 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.