MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1200 Hardware Add-in
- T1059.001 PowerShell
The PDF was flagged by multiple critical heuristics for containing malicious redirector links and a large number of external PDF links, suggesting a link farm for SEO manipulation or phishing. The primary malicious URL identified is https://ttraff.link/wix?keyword=derek+prince+fasting+pdf. While the document body contains garbled text, the presence of embedded URLs and the heuristic firings strongly indicate malicious intent to redirect users to harmful content.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.link/wix?keyword=derek+prince+fasting+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000671b.bin e7e97109724e9250f74ecdc0f80e836543587cc01c27865ceb96afd1b1361372 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x671B | 5352 bytes |
| font_01_sfnt_off0000796a.bin 84d9eee9ae8346f725963f1460f70e3374119f0a115665cdc3d89bc4355109e0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x796A | 10300 bytes |