MALICIOUS
Risk Score: 152
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a mass external link farm, with one URL specifically leading to a malicious redirector. The document body, though heavily obfuscated, contains the text 'Romeo and juliet act 2 questions and answers pdf' and the malicious URL, suggesting a lure to trick users into clicking the link. The ML classifier also strongly indicated maliciousness.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URLs:
- https://ttraff.me/wix?keyword=romeo+and+juliet+act+2+questions+and+answers+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006262.bin (3827ca16956a92020cebe543f51cef3d1305b19d56f1663f8f2b9f1ef2ff384f) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6262 | 5732 bytes |
| font_01_sfnt_off000075e9.bin (21d86fd6c6bc6897dda560845625d397e207a6f339354fbc39c1bdc54cff64ee) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x75E9 | 10104 bytes |