MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded links, a technique often used to create link farms for SEO manipulation or to obscure malicious destinations. One of the primary links points to a known malicious redirector, ttraff.cc, which is likely intended to lead the user to a malicious site. The document body, though heavily obfuscated, contains the target URL, reinforcing the malicious intent. The ML classifier also strongly indicated maliciousness.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=the+frame+tv
- https://static.usrfiles.com/ugd/4b7290_71f67635059a4015b4ec79f8934ca718.pdf
- https://static.usrfiles.com/ugd/b8c837_7e02755ea7f64cb2ba3cd4a7f15fa134.pdf
- https://static.usrfiles.com/ugd/b8c837_3d459e0df3594179a2af038a8a62afd7.pdf
- https://static.usrfiles.com/ugd/68ec51_be195c8b680e46aabe23140b68cee5d8.pdf
- https://static.usrfiles.com/ugd/b8c837_60ba390690174b53b9191859c809e2a3.pdf
- https://static.usrfiles.com/ugd/3e9e83_51b7e8fa77d44d05a81f3ffd39cf4732.pdf
- https://static.usrfiles.com/ugd/de60da_52f1e279a45a4e688e7c9f942741ab15.pdf
- https://static.usrfiles.com/ugd/b8c837_3cba043c14bd4ee79519e9e6063bc1b0.pdf
- https://static.usrfiles.com/ugd/f09a9d_a6d130e6d97747eba1df939f86a892b5.pdf
- https://static.usrfiles.com/ugd/e3325f_114abd8196b44c24b63c3f599b570845.pdf
- https://static.usrfiles.com/ugd/b8c837_ef1531130b8740b3b675943f0c4e103c.pdf
- https://static.usrfiles.com/ugd/837d34_740295abbb834a32b010b1fcde2036fe.pdf
- https://static.usrfiles.com/ugd/3e87bf_4f1ebadde48a43c091298c703e311c60.pdf
- https://static.usrfiles.com/ugd/ee9d3f_4a7e250816394dbca678b983d8959c99.pdf
- https://static.usrfiles.com/ugd/f96b02_4c488a11f729436fb63234ff0e166ebe.pdf
- https://static.usrfiles.com/ugd/078c79_c28a1b46bfc4434fac6f798cbfd84d95.pdf
- https://static.usrfiles.com/ugd/cc089a_7cfba0c60e764aedb51db42f6a669d47.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006961.bin272f175eac9391583fbd41c5eedcc8ff060ade5b39f8109041ba78c352a2c786 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6961 | 4808 bytes |
font_01_sfnt_off000079a4.bin6bab08dba15533e39a86513636b4761b5a0dfd71e993c9eb7d611361a39e60e1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x79A4 | 10896 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.