MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF was flagged as malicious due to a high number of embedded links pointing to a redirector service. The primary malicious URL identified is https://ttraff.com/pify?keyword=dragonscale+leatherworking+classic+guide, which is part of a link farm. This suggests the document's purpose is to lure users to malicious sites, likely for phishing or to download further malware.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=dragonscale+leatherworking+classic+guide
- https://static.usrfiles.com/ugd/c0fca2_d7d9ddf21f5942a7a273229746c3f592.pdf
- https://static.usrfiles.com/ugd/b8c837_9bcc5f2c98884778aaea515996663cd5.pdf
- https://static.usrfiles.com/ugd/f96b02_0bdaa8f2d5284d6cb816c88371869018.pdf
- https://static.usrfiles.com/ugd/6924eb_188dfd0c1e63469e8632be350834bee3.pdf
- https://cdn.shopify.com/s/files/1/0433/3607/3366/files/32387773377.pdf
- https://cdn.shopify.com/s/files/1/0429/0389/6217/files/buy_karaoke_downloads.pdf
- https://cdn.shopify.com/s/files/1/0427/5005/0460/files/lokazuli.pdf
- https://cdn.shopify.com/s/files/1/0437/5268/5717/files/python_save_image_from_url.pdf
- https://cdn.shopify.com/s/files/1/0462/1303/8233/files/60943781294.pdf
- https://cdn.shopify.com/s/files/1/0461/7581/3786/files/adeleke_university_school_fees.pdf
- https://cdn.shopify.com/s/files/1/0439/1229/8648/files/sheltie_breeders_northern_california.pdf
- https://cdn.shopify.com/s/files/1/0430/3880/2073/files/lepuxijekeveropizim.pdf
- https://cdn.shopify.com/s/files/1/0432/6440/9764/files/60103047753.pdf
- https://cdn.shopify.com/s/files/1/0434/7248/6564/files/bibliographic_control.pdf
- https://static.usrfiles.com/ugd/a771bd_e38969441ec94b6e8075903de934ac96.pdf
- https://static.usrfiles.com/ugd/d54300_de5fcc8442d24b449d3ca04e4b1c9882.pdf
- https://static.usrfiles.com/ugd/73c254_941e3d692dfe48cfb8c5a3b4340e542a.pdf
- https://static.usrfiles.com/ugd/d2cc1f_bda646da36cd447b8f9338255a2eea2a.pdf
- https://static.usrfiles.com/ugd/f1780b_1ab5c2f4259b4b2f9ae89d473ef6c7ec.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000750e.bin862206f10ac5ae9a8973c832d453a4e008df0b586f428da52421b232d7fc9370 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x750E | 5356 bytes |
font_01_sfnt_off00008757.bin8d8dadc83cb88181159186a57755f0472c72251aa8f40ee55a881a7ecc6fcc46 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8757 | 10752 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.