Verdict: MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF triggered a critical heuristic for a malicious redirector link pointing to 'https://ttraff.link/pify?keyword=html5+splash+page+template+free'. Additionally, a PDF link farm heuristic indicates the document is part of a larger effort to distribute malicious links. The ML classifier strongly supports the malicious verdict. The document body, though heavily obfuscated, contains the same redirector URL, reinforcing the lure.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.link/pify?keyword=html5+splash+page+template+free
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00016a09.bin 6fa2cdb7fa0b226331e31cb10f8f0338c1f3aef2fcf314af73973be6e9cb0583 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x16A09 | 5400 bytes |
| font_01_sfnt_off00017c3f.bin ba8c9d5ae53e2dda6b1aafdbd6a4e8b3c8da774453acd08fefdcb480a99ef9e7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x17C3F | 10352 bytes |