MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, many pointing to Shopify domains, suggesting an SEO poisoning or link farm strategy. One critical heuristic indicates a direct link to a known malicious redirector at 'https://ttraff.cc/wix?keyword=laxmi+suktam+in+hindi+pdf'. The document body, though heavily obfuscated, contains the same URL and a reference to 'laxmi suktam in hindi pdf', indicating a lure to disguise the malicious intent. The ML classifier strongly flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=laxmi+suktam+in+hindi+pdf
- https://cdn.shopify.com/s/files/1/0432/4101/3412/files/23669522523.pdf
- https://cdn.shopify.com/s/files/1/0434/8903/4402/files/cassandra_architecture.pdf
- https://cdn.shopify.com/s/files/1/0437/3767/7989/files/darowimuvitavi.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/xibirinadinabamagumib.pdf
- https://cdn.shopify.com/s/files/1/0429/5376/9123/files/kozumuvisuno.pdf
- https://cdn.shopify.com/s/files/1/0431/1685/5453/files/saturated_and_unsaturated_fats.pdf
- https://cdn.shopify.com/s/files/1/0432/5077/8275/files/cd4047_datasheet.pdf
- https://cdn.shopify.com/s/files/1/0431/4441/3350/files/81772593305.pdf
- https://cdn.shopify.com/s/files/1/0430/9703/0817/files/vipomirikidonipijujiwaj.pdf
- https://static.usrfiles.com/ugd/b8c837_bc382d467c754a869cd3d621bcb08ec2.pdf
- https://static.usrfiles.com/ugd/b58d21_c0e6e9f41eac4c81b998b6a8d4556be2.pdf
- https://static.usrfiles.com/ugd/b8c837_2977d4f4b08f41228e7cb93640987667.pdf
- https://static.usrfiles.com/ugd/b8c837_f38cb052435c4fe7a7880d25155df6cc.pdf
- https://static.usrfiles.com/ugd/d162e3_4b81976663034d6397d0033c0598cf56.pdf
- https://cdn.shopify.com/s/files/1/0432/1676/5087/files/angle_pair_relationships_test.pdf
- https://cdn.shopify.com/s/files/1/0431/1420/1250/files/happy_birthday_images_in_tamil.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_006_off00009df4.bin9fdd04a62c42a94cc820a1aba6238cc9872d007e28b6cbd292b0b76ad3a4fbb2 |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x9DF4 | 7768 bytes |
font_00_sfnt_off00005b2d.bin36da08a17ee5086c89932df7127f35fb89201a4772404626b96c30481b7f78b0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5B2D | 5224 bytes |
font_01_sfnt_off00006cd7.bin6539b129c5cd894636dc8f40f53a156c00c8f46378ab4f137c96d687a1cff6ed |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6CD7 | 3720 bytes |
font_02_sfnt_off0000783a.bin6fe3d8a185b65603f4d053790f9c715f15be07420ea37761ef96c4bf88ba54d6 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x783A | 11088 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.