MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1200 Hardware Add-in
T1059.001 PowerShell
The PDF was flagged by multiple critical heuristics for containing a malicious redirector link and a large number of external links, suggesting a link farm. The primary malicious URL identified is https://ttraff.com/wix?keyword=bottom+navigation+in+kotlin+android. While the document body contains text related to Android development, the embedded links and heuristic firings indicate a malicious intent to redirect users to harmful content.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.com/wix?keyword=bottom+navigation+in+kotlin+android
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000089b0.bin 3ee805a622c7b0c02f146cd28cf3fd29fd9ce6cd1bf4ee8fccecca2846d17e50 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x89B0 | 5140 bytes |
| font_01_sfnt_off00009b1a.bin 6264eb22d273ca25729a3ae2bbb9f6803b693da49f50f21ca0d7dddf67c79f1a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9B1A | 4012 bytes |
| font_02_sfnt_off0000aa78.bin 8ac9fa5d3f18e1e0770df0b6c17c1a447bfb7444660d64bad8f772e622c1d6b9 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xAA78 | 15296 bytes |
| font_03_sfnt_off0000daca.bin 9026f3b3db4823843c0cd60ab9659202f9f06131997374a39278b243e9da0b8e | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDACA | 16164 bytes |