MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.me/wix?keyword=pecan+prices+2019+arkansas'. This URL is the primary indicator of malicious intent, likely leading to a phishing or malware download site. The document body, though heavily obfuscated, also contains this URL, reinforcing its role as the lure. The presence of numerous other benign-looking PDF links suggests an attempt to blend malicious links with legitimate ones.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.me/wix?keyword=pecan+prices+2019+arkansas
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006bbb.bin 72df92dae7e35e56de0f56c470bc74ff0f5b1be2d3c99341307b9b073072b7a7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6BBB | 5444 bytes |
| font_01_sfnt_off00007e4d.bin 4d177af561cd0c6dd0c18025a6fb087b22f8091200975b587f028e74a68bb8a1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7E4D | 16108 bytes |