MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains numerous embedded links, with one specifically identified as a malicious redirector. The document body, though heavily obfuscated, contains text that appears to be a lure related to academic materials, and the embedded URL `https://ttraff.me/wix?keyword=reading+like+a+historian+document+a+portuguese+textbook+answers` reinforces this. The presence of a link farm further suggests an attempt to distribute malicious content or SEO spam.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, `PDF_MALICIOUS_REDIRECTOR_LINK`): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, `PDF_SEO_LINK_FARM`): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, `EMBEDDED_URL`): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.me/wix?keyword=reading+like+a+historian+document+a+portuguese+textbook+answers
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00004709.bin 2f516e246c3ca72e445b1672fb8de2ac5b98728606bd4518ef6731db7c215e28 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4709 | 5740 bytes |
| font_01_sfnt_off00005a73.bin 5e64391d7502267eca7aeae0c621aef8db2ffb7cbe87a26b1c95745f9c79f14c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5A73 | 9600 bytes |
| font_02_sfnt_off00007b3b.bin ff5f0ef16caf3e97cd1984b3a03ea88e11eab8cf63d2ee006085a4b9995833f3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7B3B | 4324 bytes |