MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
This PDF document was flagged as malicious by an ML classifier and contains a link to a known malicious redirector. It also features a large number of external links, indicating a potential SEO manipulation or link farm strategy. The document body itself is heavily obfuscated and contains the malicious URL, suggesting it's designed to lure users into clicking through to a harmful destination.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=flock+rise+time+tester
- https://static.usrfiles.com/ugd/b88e3d_f1e65a311ef940e9aa2cc48e9a5d162e.pdf
- https://static.usrfiles.com/ugd/b8c837_a2f640f340c6440aaa326855df987f29.pdf
- https://static.usrfiles.com/ugd/314c35_b9bb73652ccd446088624dcd35fb4692.pdf
- https://static.usrfiles.com/ugd/3e87bf_5b2a8f5a6bd449b98cf4d20a42d6a6a7.pdf
- https://static.usrfiles.com/ugd/b8c837_5e1947b7e04447b99c3da2920385052d.pdf
- https://static.usrfiles.com/ugd/b8c837_5e363015ff504085a3de576f5df0ec33.pdf
- https://static.usrfiles.com/ugd/e42ee3_a30febd9f32e49e39d3e198ffbb51699.pdf
- https://static.usrfiles.com/ugd/b8c837_4a87aba0e8764feda54d5ba9866ba59c.pdf
- https://static.usrfiles.com/ugd/10b11f_6ea21ba756724eeaa0216b0598ec6dd7.pdf
- https://static.usrfiles.com/ugd/724fb5_156ed0a8115d4e45a23cbf815706af53.pdf
- https://static.usrfiles.com/ugd/c618e9_12603eee7f464fa9990b52b9050cae80.pdf
- https://static.usrfiles.com/ugd/b8c837_ef49ec6bf39c4bb486bb80f5e5d64998.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000046ef.binf5740864aa6fcd7a32869f4bbca19111dfbd4b9cf563b3feceea7b6aaf0345e3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x46EF | 4756 bytes |
font_01_sfnt_off000056fb.bin9ce24b8ec5e1d266f5d2f03f3db3e8f8006dcd9fdc1355d354dc0db7072efcd9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x56FB | 9996 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.