MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'ttraff.com'. Additionally, it exhibits characteristics of a PDF link farm, with numerous external links, including one to 'lelef.bellhoney.com'. The ML classifier strongly flagged this PDF as malicious. The embedded URL 'https://ttraff.com/wix?keyword=resumen+corto+del+lazarillo+de+tormes+tratado+3' is the primary indicator of malicious intent, likely serving as a lure to a phishing or malware distribution site.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=resumen+corto+del+lazarillo+de+tormes+tratado+3
- http://lelef.bellhoney.com/uploads/1/3/1/6/131606289/5793739.pdf
- http://jotelok.jolietwestlibrary.com/uploads/1/3/0/8/130813554/vitavo.pdf
- http://files.elisejmorissette.com/uploads/1/3/2/6/132695568/7041700.pdf
- https://cdn.shopify.com/s/files/1/0435/2488/2583/files/tiny_tower_hack_ios.pdf
- https://cdn.shopify.com/s/files/1/0440/6899/5222/files/jugigofebaner.pdf
- https://cdn.shopify.com/s/files/1/0440/8298/7158/files/kufaxexogugegibatud.pdf
- https://cdn.shopify.com/s/files/1/0431/4506/8699/files/i_daniel_blake_vostfr_streaming.pdf
- https://cdn.shopify.com/s/files/1/0427/6997/3415/files/piwikonadeb.pdf
- https://cdn.shopify.com/s/files/1/0462/9358/1985/files/alfonsina_y_el_mar_sheet_music.pdf
- https://cdn.shopify.com/s/files/1/0431/8553/7175/files/65434971258.pdf
- https://0594c111-ad49-4645-aef3-0c7ab8154782.filesusr.com/ugd/dc8a8e_1920bc25edb446b695d0705f3cc8cbbc.pdf?index=true
- https://6a80ac32-abf5-4548-9377-d96554c62485.filesusr.com/ugd/10e3af_b14865d2f2bb4b5b9cc282b39962234e.pdf?index=true
- https://b0545209-06e6-462c-9103-f91a4d7570da.filesusr.com/ugd/15cd4d_102a5b6c41d546449f4833df38f7cc81.pdf?index=true
- https://2fcf7857-34e8-444b-873c-4bfefcb673c9.filesusr.com/ugd/67e251_753735ea76d448a2b312401ba1a223eb.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00008524.bindfe9a98a525a4692d99eb78c00a1a65c7ed0c3b2680cb3a41e070fc35afc9eb3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8524 | 5304 bytes |
font_01_sfnt_off00009723.bin0454509b4d5f4e244bb346b2b251ac1901e95b664635a0cadb3fdfd74b507aa8 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9723 | 11064 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.