MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF triggered a critical heuristic for a malicious redirector link that directs users to 'https://ttraff.club/wix?keyword=nursing+philosophy+examples+portfolio'. The URL is presented within the document body, disguised as a nursing philosophy portfolio. The PDF also triggered a link farm heuristic, indicating a large number of outbound links, many of which point to benign-looking PDF files hosted on file-sharing services, likely to improve SEO and mask malicious activity. The ML classifier strongly flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier: malicious score 1.0000
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.club/wix?keyword=nursing+philosophy+examples+portfolio
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005dad.bin 96ba292bddce52b1902003645c1a57fbd15389f78ae28afa1881c434a6b01831 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5DAD | 5452 bytes |
| font_01_sfnt_off00007024.bin 54b48ac4bff86ab0f7d4505dc81d6754f74e86ddde29b05b6269802e669f204d | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7024 | 9536 bytes |