MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.001 Malicious Link
The PDF file contains numerous embedded links, with one specifically pointing to a known malicious redirector. The document body, though heavily obfuscated, suggests a lure related to a "Kenneth cole touch screen watch manual". The presence of a link farm and a critical heuristic firing for a malicious redirector strongly indicates a phishing or scam attempt. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.cc/wb?keyword=kenneth%20cole%20touch%20screen%20watch%20manual
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005ee7.bin ca6b5c17c483bd4e2f765356a2f8e75cbdbc36b403b928edfc61c632633a5d64 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5EE7 | 4936 bytes |
| font_01_sfnt_off00006f94.bin 6b49d53d6fa224846e181d8f175a8e94e505a2195ea60ae88f06e4a5dcd0591e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6F94 | 9748 bytes |