Verdict: MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1059.001 PowerShell
The PDF contains numerous embedded links, with one specifically pointing to a known malicious redirector. The document body, though partially corrupted, suggests a lure related to a 'psychology of lies' PDF. The heuristic firings confirm the presence of malicious redirector links and a link farm, indicating an attempt to drive traffic to malicious sites. The primary IOC is the malicious redirector URL.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.cc/wix?keyword=libro+psicologia+de+la+mentira+pdf
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00004e51.bin | a63ba1b253bbce98257c859363a75bf5bd87e1022e676c6a2a9d229f43261c59 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4E51 | 5556 bytes |
| font_01_sfnt_off00006112.bin | 86eaa01862d577220bd49cba0da0fcdac3921cfdaf29a7800f6b0442b4467624 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6112 | 10500 bytes |