Verdict: MALICIOUS (Risk Score: 150)
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1204.002 Malicious Link
The PDF contains a large number of embedded links, many of which point to external PDF files, a technique often used for SEO poisoning or link farming. One critical heuristic identified a link to a known malicious redirector, which is the primary indicator of malicious intent. The document body, though heavily obfuscated, contains text related to a 'general chemistry study guide pdf' and the malicious redirector URL, suggesting a lure to trick users into clicking the link. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (3)
- PDF links to known malicious redirector infrastructure [critical, PDF_MALICIOUS_REDIRECTOR_LINK]: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.link/wix?keyword=general+chemistry+study+guide+pdf
Extracted artifacts (2)
Files carved from inside the sample during analysis.

| Filename (SHA-256) | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005d41.bin (7a67b86a741aebcf914af29f4983863f788b7aa5bd695ca7ac5838ab4783e5d6) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5D41 | 5704 bytes |
| font_01_sfnt_off00007084.bin (acccc3293391049adc2f1735449f0110957079f14b4026d3a5da49be0a2e6c08) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7084 | 10216 bytes |