Verdict: MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a link that redirects to known malicious infrastructure, disguised with a search query for 'Mr bean cartoon in tamil hd'. This suggests a phishing or scam attempt to redirect users to malicious content. The PDF also contains a large number of links to other PDFs, indicating a link farm for SEO manipulation or traffic redirection. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.ru/pify?keyword=mr+bean+cartoon+in+tamil+hd
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| stream_004_off00006401.bin | 3364efb481e0c15f69b3d9a7fb3571ad27b1f7ae78a7b1c95a38de24890589ab | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x6401 | 11452 bytes |
| font_00_sfnt_off000052bc.bin | 16f05f14bce3f937cd78c181d13c772cee5f80ca4d1e8e2c7c12108cebe0573d | pdf-font-stream | PDF embedded font (sfnt) at offset 0x52BC | 5148 bytes |
| font_02_sfnt_off0000817f.bin | d87f948e70d6b7a191971ff9cc90fcce902742730225ff7663958f1ab724391c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x817F | 5952 bytes |
| font_03_sfnt_off000096d5.bin | 6b6a75fa2bf3090d70f735ba6b373663795b8f294789459af07d62abcbdea6b2 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x96D5 | 10536 bytes |
| font_04_sfnt_off0000bb31.bin | 149cab45689013e99d1aa520d2e5234663aa5d8577b6aae5e423b5d60aeda4c1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBB31 | 16036 bytes |