MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was flagged as malicious due to the presence of numerous embedded links, with one specifically pointing to a known malicious redirector. The document body, though heavily obfuscated, contains the URL that triggered the malicious redirector heuristic. The file also exhibits characteristics of a link farm, suggesting an attempt to distribute malicious content or conduct phishing operations through a large number of external links.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=gabino+fraga+derecho+administrativo+pdf
- https://static.usrfiles.com/ugd/a107db_7ba909a646854779854c04ba40149308.pdf
- https://static.usrfiles.com/ugd/b8c837_2d69e7d67fab432a97d0fad4414a40cc.pdf
- https://static.usrfiles.com/ugd/b8c837_d722f0ddacd243dc8ecf1715c8a918ef.pdf
- https://static.usrfiles.com/ugd/b8c837_946e224b9e224da3ba33e5d7e7495b8f.pdf
- https://cdn.shopify.com/s/files/1/0454/3460/1640/files/main_points_of_18th_amendment_in_pakistan_constitution.pdf
- https://cdn.shopify.com/s/files/1/0432/1912/4382/files/kogevulefomixuwefi.pdf
- https://cdn.shopify.com/s/files/1/0429/7284/0090/files/ain_t_no_sunshine_lyrics_and_chords.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/sakumuxapiwitisozu.pdf
- https://cdn.shopify.com/s/files/1/0434/6806/2872/files/5591142583.pdf
- https://static.usrfiles.com/ugd/89c6ad_854cc0772b0446c1bf630c93188a38da.pdf
- https://static.usrfiles.com/ugd/50de67_0ea9c9a3742245d7b949286db92b9e1b.pdf
- https://static.usrfiles.com/ugd/b8c837_4a3ae670a5fe4fddbc5ddde7e7f2dc8a.pdf
- https://static.usrfiles.com/ugd/e4ff69_11763041c2214d518edbcf8e05692354.pdf
- https://static.usrfiles.com/ugd/f3ecbe_01685242ea754addb4c0aa2622ee648e.pdf
- https://static.usrfiles.com/ugd/a91264_8f241888dca3485cadccba28aea9794c.pdf
- https://static.usrfiles.com/ugd/91e123_db77b6e36f8042cd8485567c3e3c6fea.pdf
- https://static.usrfiles.com/ugd/b8c837_7716abd5297f4629bca5cf08fa05de70.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000057ec.bin03dc0bef1f7874ac9c21463eda6126831e791797a1a7c51e93d61c19575b846e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x57EC | 5768 bytes |
font_01_sfnt_off00006b73.bin5bf64137a863436f2d07cee82034b6b46a0ff282b0f87ed5cda1cc892a0ced3a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6B73 | 10464 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.