Verdict: MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Link
T1059.001 PowerShell
The PDF contains multiple embedded URLs, and a critical heuristic fires for a link to a known malicious redirector. The document body, though heavily obfuscated, contains text that appears to be a lure ('Bill nye volcanoes worksheet'). The primary malicious URL is https://ttraff.link/wix?keyword=bill+nye+volcanoes+worksheet, a redirector that likely leads on to further malicious content. The PDF also exhibits the characteristics of a link farm: numerous clickable links to external PDF files, most of them on subdomains of a single file-hosting domain (filesusr.com) and the rest on unrelated sites.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (3)
- PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL info [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. The extracted URLs follow; the six www.w3.org, purl.org and ns.adobe.com entries at the end are XMP/RDF namespace identifiers from the document metadata, not clickable links.
- https://ttraff.link/wix?keyword=bill+nye+volcanoes+worksheet
- http://files.rnbreptiles.com/uploads/1/3/1/0/131070841/vabevupaxu.pdf
- http://fower.rottsofruv.com/uploads/1/3/0/7/130776485/5752743.pdf
- http://files.clubedouroxtreme.com/uploads/1/3/2/7/132712333/fudejudadopijo.pdf
- https://a20b3f77-f3ce-47d5-8469-e4ced781a669.filesusr.com/ugd/9ea91e_0f4ff0b3a1e842518d5edf9ab2684aa4.pdf?index=true
- https://1c0c9b54-ef54-4311-9c5a-c50f5036cdec.filesusr.com/ugd/36d413_47bf50fec8484f34a4fd7cf8a348e6af.pdf?index=true
- https://88bb0708-8304-443d-bfa4-499f779d3ce4.filesusr.com/ugd/5262df_d5f82a88c2994f31839df19a4f48607d.pdf?index=true
- https://a6b805b6-52a9-4d2e-8a0d-d20f0f168782.filesusr.com/ugd/74a852_83994a07b5c54432a8ede02ff0929834.pdf?index=true
- https://7ed25c90-1a4c-4cc8-b100-d385ebe694d2.filesusr.com/ugd/136d07_8bc0adbe23d843c8b401c59b9a0bc46e.pdf?index=true
- https://5dc24606-16bc-47a7-9d23-d7f21f1bb6e8.filesusr.com/ugd/a64c8c_17c9e8f085e842ba83a9a8f8894c7425.pdf?index=true
- https://450fc5af-18b3-465b-a8ae-a3a9efb8ff09.filesusr.com/ugd/b42fd6_7b6f383bebef4afcbb69c9bb1a369515.pdf?index=true
- https://7da82b05-a30b-4a0e-b339-e99b411dcd8a.filesusr.com/ugd/7c1f05_0b5dd9074c7c4c46ba93046867d61ebc.pdf?index=true
- https://849ba0a0-66f7-4287-99d9-09fcbf14196c.filesusr.com/ugd/8e1900_3f67fbed5d784f2f834a39d6c9afb733.pdf?index=true
- https://dc0a2ac0-758c-4372-b00d-dd4e6e4c77c3.filesusr.com/ugd/a8ca0f_b9da88cbf6c2485ba472ff35684a1e9b.pdf?index=true
- https://6d91f381-6a9f-4a01-94d8-d1b5e8738eb8.filesusr.com/ugd/23a6c3_dbf1a8992caf43ae8f0877360cabdadd.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
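The two critical heuristics above depend on one distinction the EMBEDDED_URL note makes: which channel reached a URL. A URI action inside a /Link annotation is something the reader can click; a namespace URI in the XMP metadata stream is not, and must not count toward a link-farm rule. The following added example (not the analyzer's code) shows that channel labelling and a minimal implementation of both heuristics over a constructed PDF. It scans raw bytes with regular expressions rather than parsing the xref table, the size and clustering thresholds are hypothetical, the `.test` hostnames are constructed, the only real URL reused from this report is the ttraff.link redirector, and grouping hosts by their last two DNS labels is a stand-in for a public-suffix-list lookup:

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Hypothetical thresholds for the link-farm rule; the report does not publish its cut-offs.
MAX_SIZE_BYTES = 64 * 1024
MIN_PDF_LINKS = 8
CLUSTER_RATIO = 0.5
# Indicator set: the report names ttraff.link as the redirector host.
KNOWN_REDIRECTOR_HOSTS = {"ttraff.link"}

URI_ACTION = re.compile(rb"/S\s*/URI\s*/URI\s*\((https?://[^)\s]+)\)")
ANY_URL = re.compile(rb"https?://[^\s()<>\"']+")


def build_sample_pdf(links, xmp_uris):
    """Constructed test input, not the analysed sample: a one-page PDF with one
    /Link annotation per URL and an XMP metadata stream that only declares
    namespaces. No xref table is written; a regex scanner does not need one."""
    annots, objs = [], []
    for i, url in enumerate(links):
        num = 4 + i
        annots.append(f"{num} 0 R")
        objs.append(f"{num} 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] "
                    f"/A << /S /URI /URI ({url}) >> >>\nendobj\n")
    xmp = "<x:xmpmeta " + " ".join(f'xmlns:n{i}="{u}"' for i, u in enumerate(xmp_uris)) + "/>"
    meta = 4 + len(links)
    objs.append(f"{meta} 0 obj\n<< /Type /Metadata /Subtype /XML /Length {len(xmp)} >>\n"
                f"stream\n{xmp}\nendstream\nendobj\n")
    head = ("%PDF-1.7\n"
            f"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /Metadata {meta} 0 R >>\nendobj\n"
            "2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
            "3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
            f"/Annots [{' '.join(annots)}] >>\nendobj\n")
    return (head + "".join(objs) + "%%EOF\n").encode()


def extract_urls(pdf):
    """Map URL -> set of channels. /URI actions in link annotations are clickable;
    anything the raw scan finds elsewhere (XMP namespaces, page text) is labelled
    'document-body' and is deliberately excluded from the link-based rules."""
    found = {}
    for m in URI_ACTION.finditer(pdf):
        found.setdefault(m.group(1).decode("latin-1"), set()).add("link-annotation")
    for m in ANY_URL.finditer(pdf):
        url = m.group(0).decode("latin-1")
        if url not in found:  # already attributed to a structural channel
            found[url] = {"document-body"}
    return found


def registrable_domain(host):
    """Crude site grouping: last two DNS labels. Assumption for the demo;
    production code should use the public suffix list."""
    return ".".join(host.lower().split(".")[-2:])


def clickable(urls):
    return [u for u, channels in urls.items() if "link-annotation" in channels]


def pdf_link_farm(pdf, urls):
    """PDF_SEO_LINK_FARM stand-in: small file, many clickable external .pdf links,
    most of them on one site."""
    pdf_links = [u for u in clickable(urls) if urlparse(u).path.lower().endswith(".pdf")]
    by_site = Counter(registrable_domain(urlparse(u).hostname or "") for u in pdf_links)
    top_site, top_count = by_site.most_common(1)[0] if by_site else (None, 0)
    share = round(top_count / len(pdf_links), 2) if pdf_links else 0.0
    fired = len(pdf) <= MAX_SIZE_BYTES and len(pdf_links) >= MIN_PDF_LINKS and share >= CLUSTER_RATIO
    return {"fired": fired, "pdf_links": len(pdf_links), "top_site": top_site, "top_share": share}


def malicious_redirector_link(urls):
    """PDF_MALICIOUS_REDIRECTOR_LINK stand-in: clickable URLs on a known redirector host."""
    return sorted(u for u in clickable(urls) if (urlparse(u).hostname or "") in KNOWN_REDIRECTOR_HOSTS)


# Constructed sample: the report's redirector link, nine .pdf links spread over
# subdomains of one hosting site, one .pdf link elsewhere, two XMP namespaces.
SAMPLE_LINKS = (["https://ttraff.link/wix?keyword=bill+nye+volcanoes+worksheet"]
                + [f"https://{i:08x}-site.filehost.test/ugd/{i:04x}.pdf?index=true" for i in range(9)]
                + ["http://files.other.test/uploads/1/3/1/0/131070841/vabevupaxu.pdf"])
SAMPLE_XMP = ["http://www.w3.org/1999/02/22-rdf-syntax-ns#", "http://ns.adobe.com/xap/1.0/"]
SAMPLE_PDF = build_sample_pdf(SAMPLE_LINKS, SAMPLE_XMP)


def analyse(pdf=SAMPLE_PDF):
    urls = extract_urls(pdf)
    return {"urls": urls, "link_farm": pdf_link_farm(pdf, urls),
            "redirector": malicious_redirector_link(urls)}


if __name__ == "__main__":
    result = analyse()
    for url, channels in sorted(result["urls"].items()):
        print(",".join(sorted(channels)).ljust(16), url)
    print(result["link_farm"], result["redirector"])
```

On the constructed sample the link-farm rule fires with ten clickable .pdf links, nine of them on filehost.test, the redirector rule returns the ttraff.link URL, and the two XMP namespace URIs are reported with the document-body label only. A real triage script would also walk object streams and decode FlateDecode-compressed annotation dictionaries, which a raw regex scan cannot see.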
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00007349.bin | c2b86ef916e529c045c311ba9e8c280c86ac3fa5ea74fbb41fb9ef5526c26242 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7349 | 5256 bytes |
| font_01_sfnt_off00008541.bin | f3c95fda7f05eb7db718f5948b7237c00447c54a188918eb5c8f865e13fdf923 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8541 | 10612 bytes |
| font_02_sfnt_off0000a9c1.bin | 764fe263e68fd20aff2bbd96e69f5a400d440299d02096befa162391f913c7cf | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA9C1 | 16144 bytes |
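The artifact table gives each carved font an offset, a length and a SHA-256, which is what lets a practitioner check whether the fonts are the stock ones a generator ships with or something unique to this campaign. The following added example (not the analyzer's own carver) shows how such entries are produced: scan for sfnt magic bytes, validate the table directory so that stray magic bytes are not carved, derive the font length from the furthest table end, and hash the result. The sample container is constructed and uses uncompressed stream objects; real PDF font streams are usually FlateDecode-compressed, so in practice each stream is inflated with zlib first and the decoded bytes are scanned. The 512-table bound and the 4-byte rounding are the only assumptions beyond the sfnt header layout:

```python
import hashlib
import struct

# sfnt magics: TrueType (0x00010000), Apple 'true', and CFF-flavoured OpenType 'OTTO'
SFNT_MAGICS = (b"\x00\x01\x00\x00", b"true", b"OTTO")
MAX_TABLES = 512  # sanity bound (assumption); real fonts carry a few dozen tables at most


def sfnt_length(buf, off):
    """Byte length of a plausible sfnt starting at buf[off:], or None if the bytes
    there are not a sane font. Layout: 12-byte header (magic, numTables,
    searchRange, entrySelector, rangeShift), then numTables 16-byte records of
    (tag, checksum, offset, length). The font ends where its last table ends,
    rounded up to the 4-byte alignment the format requires."""
    if off + 12 > len(buf):
        return None
    num_tables = struct.unpack_from(">H", buf, off + 4)[0]
    dir_end = 12 + 16 * num_tables
    if not 1 <= num_tables <= MAX_TABLES or off + dir_end > len(buf):
        return None
    end = dir_end
    for i in range(num_tables):
        tag, _csum, toff, tlen = struct.unpack_from(">4sIII", buf, off + 12 + 16 * i)
        if not all(0x20 <= b < 0x7F for b in tag):  # tags are printable ASCII ('cvt ', 'OS/2')
            return None
        if toff < dir_end or off + toff + tlen > len(buf):  # table must follow the directory and fit
            return None
        end = max(end, toff + tlen)
    return min(end + (-end % 4), len(buf) - off)


def sha256_hex(blob):
    return hashlib.sha256(blob).hexdigest()


def carve_sfnt(buf):
    """Scan raw bytes for sfnt headers and carve each validated font, producing
    the same columns as the report's artifact table."""
    found, pos = [], 0
    while True:
        hits = [i for i in (buf.find(m, pos) for m in SFNT_MAGICS) if i != -1]
        if not hits:
            return found
        off = min(hits)
        length = sfnt_length(buf, off)
        if length is None:  # magic bytes without a sane directory: false positive, step past it
            pos = off + 1
            continue
        blob = buf[off:off + length]
        found.append({"name": f"font_{len(found):02d}_sfnt_off{off:08x}.bin",
                      "kind": "pdf-font-stream", "offset": off, "length": length,
                      "sha256": sha256_hex(blob)})
        pos = off + length  # do not rescan inside the carved font


def _table_checksum(padded):
    """sfnt table checksum: big-endian uint32 sum over the 4-byte-padded table."""
    return sum(struct.unpack(">%dI" % (len(padded) // 4), padded)) & 0xFFFFFFFF


def build_sfnt(tables):
    """Constructed test input: a minimal TrueType-flavoured sfnt from (tag, payload) pairs."""
    n = len(tables)
    directory, data = b"", b""
    for tag, payload in tables:
        padded = payload + b"\0" * (-len(payload) % 4)
        directory += struct.pack(">4sIII", tag, _table_checksum(padded), 12 + 16 * n + len(data), len(payload))
        data += padded
    return b"\x00\x01\x00\x00" + struct.pack(">HHHH", n, 0, 0, 0) + directory + data


def _stream_obj(num, payload):
    return b"%d 0 obj\n<< /Length %d >>\nstream\n" % (num, len(payload)) + payload + b"\nendstream\nendobj\n"


# Constructed container (not the analysed sample): uncompressed stream objects
# holding a decoy that starts with the TrueType magic but has a bogus table
# count (0xFFFF), followed by two well-formed fonts.
FONT_A = build_sfnt([(b"head", bytes(range(54))), (b"name", b"Constructed Font A".ljust(30, b"."))])
FONT_B = build_sfnt([(b"OS/2", bytes(20)), (b"cvt ", b"\x00\x10" * 5), (b"glyf", bytes(range(100)))])
DECOY = b"\x00\x01\x00\x00\xff\xffnot a font"
CONTAINER = (b"%PDF-1.7\n" + _stream_obj(12, DECOY) + _stream_obj(13, FONT_A)
             + _stream_obj(14, FONT_B) + b"%%EOF\n")


if __name__ == "__main__":
    for f in carve_sfnt(CONTAINER):
        print(f"{f['name']} | {f['sha256']} | {f['kind']} | "
              f"PDF embedded font (sfnt) at offset {f['offset']:#x} | {f['length']} bytes")
```

Run stand-alone it prints two rows in the table's format and silently skips the decoy. Hashes produced this way are comparable across samples only if every carver rounds the font end the same way, which is why the length rule is stated explicitly in `sfnt_length`.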