MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.me/123?keyword=raft+survival+ultimate+game+guide'. Additionally, another critical heuristic indicates a PDF link farm, with the primary URL being 'https://uploads.strikinglycdn.com/files/cbe5a6a8-d168-4b0c-975c-bd53a064a60d/33147997473.pdf'. The ML classifier also strongly flagged this PDF as malicious. The document body, though partially corrupted, contains the same redirect URL, reinforcing the malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.me/123?keyword=raft+survival+ultimate+game+guide
Extracted artifacts: 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000743a.bin 86241641a02d6326d61901fb480f7403343f714627998706104cce638757c3e0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x743A | 5292 bytes |
| font_01_sfnt_off00008627.bin a663024b9e69cda2e4e250b68b9b2d00aafa65ce550d506c601a9a437fe98ee3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8627 | 10420 bytes |