MALICIOUS
152
Risk Score
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
T1566.001 Spearphishing Attachment
T1071.001 Web Protocols
The PDF file contains numerous embedded links, with a critical heuristic firing indicating a link to known malicious redirector infrastructure at 'https://ttraff.ru/pify?keyword=website+privacy+policy+template+australia+free'. Another critical heuristic identified a large number of external PDF links, suggesting a link farm. The ML classifier also strongly indicated maliciousness. The document body, though heavily obfuscated, contains the same redirector URL, reinforcing the malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=website+privacy+policy+template+australia+free
- http://files.goodbless.us/uploads/1/3/0/9/130969424/xopixedawareda-wowukutozi-fevasutu-sekaligupoxijek.pdf
- http://files.harrisontheatre.com/uploads/1/3/0/7/130776276/5018efd9.pdf
- http://files.speedypawsagility.com/uploads/1/3/1/6/131606631/zuzelakenaked.pdf
- http://melojesep.mooserange.com/uploads/1/3/0/7/130738950/luwaleg.pdf
- http://files.touchofhaven.ca/uploads/1/3/1/3/131381722/romisejunuva.pdf
- https://cdn.shopify.com/s/files/1/0440/0427/8422/files/fake_pay_stub_template.pdf
- https://cdn.shopify.com/s/files/1/0429/9040/3737/files/76542072155.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/3365514284.pdf
- https://cdn.shopify.com/s/files/1/0429/6887/5157/files/bewavudupajuruf.pdf
- https://cdn.shopify.com/s/files/1/0435/4847/5541/files/winafoj.pdf
- https://cdn.shopify.com/s/files/1/0432/8158/0200/files/zuzasarevojekaruxo.pdf
- https://cdn.shopify.com/s/files/1/0432/1355/3827/files/black_and_decker_20v_weed_eater.pdf
- https://cdn.shopify.com/s/files/1/0430/4673/1930/files/77925241917.pdf
- https://cdn.shopify.com/s/files/1/0432/6568/7717/files/bible_quiz_questions_and_answers_in_tamil.pdf
- https://cdn.shopify.com/s/files/1/0430/1747/0101/files/how_to_make_veinminer_work_on_everything.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000c295.bine8f3459d8beb9ce541ea8ad366b803cf0bf73e52fd9366be54517935588ffe55 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC295 | 5476 bytes |
font_01_sfnt_off0000d52f.bin865010bfb986342111159d3c175ce18fa04b6264d5eb38ca8d5073671181bd50 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD52F | 10632 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.