MALICIOUS
Risk Score 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a large number of embedded links, identified as a link farm, designed to redirect users to malicious websites. One such link points to a known malicious redirector infrastructure. The ML classifier strongly indicates maliciousness. The document body, though heavily obfuscated, contains references to the URLs and appears to be a lure related to 'nutritional healing with chinese medicine pdf'.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URLs:
- https://ttraff.ru/pify?keyword=nutritional+healing+with+chinese+medicine+pdf
- http://files.couragenations.com/uploads/1/3/0/8/130873826/ravirotokun-nimupulikiwol-sotibujolagalal-roxise.pdf
- http://files.clarksurveyor.com/uploads/1/3/0/7/130776887/a513e74da6465.pdf
- http://zarisaxel.rhpsip.org/uploads/1/3/0/9/130969356/xipumomero.pdf
- http://pinux.mustangsbasketball.com/uploads/1/3/1/3/131379698/4022827.pdf
- https://619aa560-8b21-45e7-817c-e4518d65badd.filesusr.com/ugd/b9801a_46153213906f40189857738293afe656.pdf?index=true
- https://60faabf5-d5da-4eef-8bee-40fbeb5b59a0.filesusr.com/ugd/f6a907_83eab1ad178d4ff4a1d98475307954a7.pdf?index=true
- https://fc237de3-d72b-4d7d-b601-ba9f91ce912c.filesusr.com/ugd/e42c35_b3e48679394748f28b56c0f44da3889c.pdf?index=true
- https://530e502b-4537-4b5e-890b-0fadf6da135c.filesusr.com/ugd/c8df25_dc6958ee737c43e882ec08c384e68b8d.pdf?index=true
- https://dddcc9b3-528b-4ccd-82ee-92b3bf51e37a.filesusr.com/ugd/d7d6cd_bf56019035724bed93c220e0cd34fd42.pdf?index=true
- https://3d8d954d-e23b-4049-a597-531d0ba7570a.filesusr.com/ugd/7be1cd_6922391ec714455ca7bd922ceab97f5a.pdf?index=true
- https://1cc24589-10af-4f2e-bc1f-f60b423104c8.filesusr.com/ugd/d8966e_a4d13b6551fd406fbeb14dfb988573c5.pdf?index=true
- https://93d3fb0a-66e7-43cf-a261-07982e3dd9ba.filesusr.com/ugd/9df9d6_ad0fe3d99e864215b8fdca49ead625b1.pdf?index=true
- https://4a65d5ef-72b9-458a-bf57-1e52b29ee144.filesusr.com/ugd/6f58fb_c297271089c74b76b515e118533ab24a.pdf?index=true
- https://98580c04-4525-45fa-a6ba-f85059fdabdc.filesusr.com/ugd/7a359d_6b35eeb7719f4fbe8b7a4bacc4e79ae5.pdf?index=true
- https://16af2f75-3c7b-459c-b21f-bf24681f0e72.filesusr.com/ugd/3f0e57_3b2b765f1fda4c288e6ed1d38ffee8af.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://16af2f75-3c7b-459c-b21f-bf24681f0e72.filesusr.com/ugd/3f0e57_3b2b765f1fda4c288e6ed1d3
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005d91.bin (hash fe49fe5e4b310b958cd704ed1af359a77ae4e7c46195d4ff821a82df2e1b48ad) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5D91 | 5632 bytes |
| font_01_sfnt_off000070a6.bin (hash fe1a42bbc5041aeef0286817661b56ab8dbce4ba9ae05c7a4ed3b9f15920b02d) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x70A6 | 10528 bytes |