MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.me/wix?keyword=android+auto+app+not+showing'. The document body, though heavily obfuscated, also contains this URL, suggesting the primary intent is to redirect the user to this malicious site. The PDF also contains a large number of external links, flagged as a link farm, which is a common tactic for SEO poisoning or distributing malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=android+auto+app+not+showing
- https://static.usrfiles.com/ugd/4b874d_db30b8fea7aa46f088d223804ae641bb.pdf
- https://static.usrfiles.com/ugd/538d67_102a15c5821245ba8ea2aec691d0b140.pdf
- https://static.usrfiles.com/ugd/917232_e33f9ebee0834acaba8927e24a29f208.pdf
- https://static.usrfiles.com/ugd/cafc24_0a7429e9c93847a69d07915997d3a69e.pdf
- https://static.usrfiles.com/ugd/45e30f_03c8e007894c4e1e948c4c80363d1425.pdf
- https://static.usrfiles.com/ugd/2f8cea_61b369813fd94f92894c725df645faa1.pdf
- https://static.usrfiles.com/ugd/72b0e7_231b2162670443f494d72823ee6d0abc.pdf
- https://static.usrfiles.com/ugd/a467d2_8980f061e6ba4a14b05a894a4118f250.pdf
- https://static.usrfiles.com/ugd/5b9a87_adb5b4edb174409a8f16e11018ea90e9.pdf
- https://static.usrfiles.com/ugd/b8c837_2da413f5cc3649dbbd2e5839352d23f0.pdf
- https://static.usrfiles.com/ugd/145364_da7432bfa78b44aa9f9b4fb88fc15ea3.pdf
- https://static.usrfiles.com/ugd/8ba634_06383d1511264a4c964538f7b172f868.pdf
- https://static.usrfiles.com/ugd/8b49c6_bf2827403fe845aaab8a67cf95747f60.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000062cd.bin0514b321fa6a83f8a36e8122f338ec82822dc76fffbe285bc411c514bf1c94a5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x62CD | 5272 bytes |
font_01_sfnt_off000074c7.bin31d040734465e30612d44d526946d0ce76c44aea5d2e46ad5110e425c52f4c97 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x74C7 | 10472 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.