MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a mass of external links, with the primary link directing to a known malicious redirector. The document body, though partially corrupted, contains the URL 'https://ttraff.club/wix?keyword=baking+sheet+bending+in+oven', which is flagged as malicious. This suggests the PDF is designed to redirect users to malicious content, likely for phishing or malware distribution.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=baking+sheet+bending+in+oven
- http://files.aitorrogo.com/uploads/1/3/1/0/131071035/8c1a02c.pdf
- http://files.agriculturallandservices.com/uploads/1/3/1/4/131455475/5791440.pdf
- http://files.aprenderyaonline.com/uploads/1/3/0/7/130775446/wukibimutatubes_jupimixuzura_wupisake_ritiwotatemilu.pdf
- http://xagalunil.therhodeislandecho.com/uploads/1/3/1/3/131380160/sewexirajarafa-menixan-palemamasiz.pdf
- http://zuduvuve.rainbarrelalaska.com/uploads/1/3/1/1/131164127/loliloxelo.pdf
- https://static.usrfiles.com/ugd/b81754_2d48af67c9ea4d09a03b1c72654a0a18.pdf
- https://static.usrfiles.com/ugd/964009_8d7513751a5b4135b51e117542d07fd0.pdf
- https://static.usrfiles.com/ugd/60ffa2_c101b9781d4a4f198c6e511dc1d26886.pdf
- https://static.usrfiles.com/ugd/2ddd39_bdb68766d9a842f0ad1f3dc5d1ae98fa.pdf
- https://static.usrfiles.com/ugd/5ecadc_3353a2aa247d437db5fc8835030eb585.pdf
- https://static.usrfiles.com/ugd/b3318b_278b42e19577436fb21dd3cfede15e1a.pdf
- https://static.usrfiles.com/ugd/b8c837_9fe61f5d46e74f54a423fb18b60be5df.pdf
- https://static.usrfiles.com/ugd/b8c837_60aaf34d57d44d2e8efb5eab3e0cbb27.pdf
- https://static.usrfiles.com/ugd/7dd30d_7a84d05776624594b2952700146c14dd.pdf
- https://static.usrfiles.com/ugd/868401_244bf11ae96640caa6de9fe91bfc1f90.pdf
- https://static.usrfiles.com/ugd/10cedf_8d262dd833854e5292ef5a22039c4ce2.pdf
- https://static.usrfiles.com/ugd/5ecadc_f371fe0451b44a558a09434a9b0bd2d9.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006f85.bin10be3446a059aa1a5a72cd999c201a8027779326bcf2836403f18c7aa5b0bc18 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6F85 | 5272 bytes |
font_01_sfnt_off00008176.bina36eee06fef6ce219692c4ec918276ac99413e4fd1e3666e4031624f9289d620 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8176 | 1800 bytes |
font_02_sfnt_off00008a03.bin2b0e586f706f7a10cd62f5cc4da22957e74d4f08641b84b661189fe911978d79 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8A03 | 10272 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.