MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains numerous embedded links, with one prominently leading to a malicious redirector at `https://ttraff.com/wix?keyword=dragon%2527s+lair+apk+cracked`. This URL is flagged as malicious and is part of a link farm designed to attract traffic. The document body, though partially corrupted, contains keywords related to cracked software, reinforcing the lure. The presence of multiple PDF links suggests a broad distribution attempt.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=dragon%2527s+lair+apk+cracked
- http://rulefife.caitlin-cannon.com/uploads/1/3/0/8/130874368/735b392217b3.pdf
- http://garin.abplasticpro.com/uploads/1/3/1/4/131482992/7046972.pdf
- http://files.calvarynewlifesa.net/uploads/1/3/0/7/130739783/8c2bedb6c.pdf
- http://rimuv.pianorentaldc.com/uploads/1/3/1/4/131438641/7295248.pdf
- http://kavejife.5trt.org/uploads/1/3/0/7/130776298/bisiketibim_bidizukepabota_pebafizupuk_fewemusumemetu.pdf
- https://cdn.shopify.com/s/files/1/0427/4916/5734/files/65175924518.pdf
- https://cdn.shopify.com/s/files/1/0432/1912/4382/files/cambridge_igcse_business_studies.pdf
- https://cdn.shopify.com/s/files/1/0432/7941/7504/files/31941881309.pdf
- https://0759b4ac-9a5c-4e31-80a8-b43e05d0cb51.filesusr.com/ugd/3d0627_ceb94c340aae4bccb78f42bf8020e437.pdf?index=true
- https://7d00cd22-f2e5-4387-abaa-8f558f794769.filesusr.com/ugd/d38238_9854b7c4718d470a8ad948f95e6bbe5c.pdf?index=true
- https://b88e134e-b6c8-4af6-a6fe-6ccd43389ad5.filesusr.com/ugd/ca9b0a_57ecc3cefd1b41fc912a576caff6346e.pdf?index=true
- https://2d998db4-cef2-4cf7-957b-ceca252b88c3.filesusr.com/ugd/ad2ade_80b9bd1cb50147e195c30226e8eb75fe.pdf?index=true
- https://1dea955a-24a1-479a-a48a-c812fae301a4.filesusr.com/ugd/4f270c_fc2f14fa06ec4b40a08e26ec0393f503.pdf?index=true
- https://12457813-ec0f-4f4b-a931-dd6448d3a048.filesusr.com/ugd/9e14ca_f5ef355c407a46fd825cfe83746fe80c.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000066fb.bin800c5875aa79b28260f7d87f134e1086af256b9964f4bc3fd39af3b27984569f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x66FB | 5044 bytes |
font_01_sfnt_off00007827.bin4cb169e80b60185efa3d03e9e166f84cbd81c485c2219233c4d16e78d8014429 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7827 | 10344 bytes |
font_02_sfnt_off00009b88.bina542ec26cea93e049a2e27cd59b1347dd9bbdea13775fd7b822b3c2b3136116f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9B88 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.