Verdict: MALICIOUS
Risk score: 154

Malware Insights

MITRE ATT&CK
- T1566.001 Phishing: Spearphishing Attachment
- T1204.001 User Execution: Malicious Link
The PDF triggers a critical heuristic for a link to known malicious redirector infrastructure, pointing to 'https://ttraff.link/wix?keyword=android+device+manager+find+my+mobile'. Combined with the PDF link-farm heuristic (14 external PDF links, all on static.usrfiles.com), this indicates an attempt to route readers into a redirect chain that delivers malicious or unwanted content. The ML classifier also flagged the PDF as malicious with a score of 1.0. No scripts were extracted, and the matching heuristics describe a campaign that relies on user interaction rather than a PDF parser vulnerability, so the risk lies in the embedded URLs and depends on the reader clicking them, consistent with a phishing or malware delivery attempt.
Machine Learning
- Nyx PDF Classifier: malicious score 1.0000

Heuristics (4)
- PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK: the PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: a small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: the same indirect object (object number N, generation G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: one or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URLs:
- https://ttraff.link/wix?keyword=android+device+manager+find+my+mobile
- https://static.usrfiles.com/ugd/dcf311_185db80825a64622b1c86c4415d0e08a.pdf
- https://static.usrfiles.com/ugd/948cea_9d3fce7a237c4fe4aedf84ac475c0d84.pdf
- https://static.usrfiles.com/ugd/b8c837_508eca07613e405485a54498daf816ec.pdf
- https://static.usrfiles.com/ugd/05e3ad_077648262bc74186bd9c882f17c8a985.pdf
- https://static.usrfiles.com/ugd/3bf302_9f6f54cbedd7440f98ac288e670ed368.pdf
- https://static.usrfiles.com/ugd/3a38e0_22fffea1f692410f860fb5dbaad66e16.pdf
- https://static.usrfiles.com/ugd/8d57bd_69bfefaaa6f845bcb218b91302929b54.pdf
- https://static.usrfiles.com/ugd/b8c837_b88d3958e0544203acd54e37eeedbea4.pdf
- https://static.usrfiles.com/ugd/3b47cb_a4b33a25e1394e81af33421ee1bd41c0.pdf
- https://static.usrfiles.com/ugd/ecec20_4c4fca955a404e76b136adec0d58ba58.pdf
- https://static.usrfiles.com/ugd/b8c837_cf1211828fd346e0962d8d01b83deb79.pdf
- https://static.usrfiles.com/ugd/ec0012_97029f40d22e44da9a4bd59795f68442.pdf
- https://static.usrfiles.com/ugd/108936_a8b9db3558654b40b2e727c9df7ac95c.pdf
- https://static.usrfiles.com/ugd/b8c837_caba378897434a4e9a4c7be3dabc2fbf.pdf
XMP/RDF metadata namespace URIs (from the document's XMP packet, not link targets):
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
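The three detection heuristics above (redirector link, SEO link farm, duplicate object body) can be reproduced on raw PDF bytes. The Python below is an added illustration, not the analyser's own code and not derived from this sample: it pulls /URI link-annotation targets and indirect objects out of the file with regular expressions, then applies the three checks. The redirector denylist (only the ttraff.link host this report names), the size, link-count and host-share thresholds, the active-content keyword list, and the sample PDF the script builds are all assumptions constructed for the example.

```python
"""Added example (not the analyser's code): raw-byte PDF triage for the three
heuristics in the report. Denylist, thresholds and sample file are constructed."""
import re
from collections import Counter
from urllib.parse import urlsplit

# Hypothetical denylist: the only redirector host the report names.
REDIRECTOR_HOSTS = {"ttraff.link"}

# "N G obj ... endobj" in file order. Duplicates are kept on purpose: an
# incremental update appends a second definition of an existing object number.
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
# /URI (literal string) in link-annotation actions. Hex strings and compressed
# object streams are not handled here; decompress first for those.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# Active-content names (pdfid-style keyword list, an assumption for the example).
ACTIVE_RE = re.compile(rb"/(JS|JavaScript|Launch|OpenAction|AA|URI|SubmitForm)\b")


def extract_objects(data):
    """All indirect objects as (num, gen, body), in file order, duplicates included."""
    return [(int(m.group(1)), int(m.group(2)), m.group(3).strip())
            for m in OBJ_RE.finditer(data)]


def extract_uris(data):
    """URIs from /URI literal strings, with PDF escapes for ( ) \\ undone."""
    return [re.sub(rb"\\([()\\])", rb"\1", m.group(1)).decode("latin-1")
            for m in URI_RE.finditer(data)]


def link_farm(uris, file_size, max_size=64 * 1024, min_links=10, min_share=0.75):
    """PDF_SEO_LINK_FARM: small file, many external *.pdf links, mostly on one host."""
    pdf_links = [u for u in uris if urlsplit(u).scheme in ("http", "https")
                 and urlsplit(u).path.lower().endswith(".pdf")]
    if file_size > max_size or len(pdf_links) < min_links:
        return None
    host, n = Counter(urlsplit(u).hostname for u in pdf_links).most_common(1)[0]
    share = n / len(pdf_links)
    return {"host": host, "links": len(pdf_links), "share": share} if share >= min_share else None


def duplicate_objects(objs):
    """PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: same (num, gen), different bodies.
    Reports what first-wins and last-wins readers resolve; severity rises only
    when one of the copies carries active content."""
    bodies = {}
    for num, gen, body in objs:
        bodies.setdefault((num, gen), []).append(body)
    out = []
    for key, bs in bodies.items():
        if len(bs) > 1 and len(set(bs)) > 1:
            active = any(ACTIVE_RE.search(b) for b in bs)
            out.append({"obj": key, "count": len(bs), "first_wins": bs[0],
                        "last_wins": bs[-1], "severity": "critical" if active else "info"})
    return out


def analyse(data):
    """Return (heuristic_id, severity, detail) findings for raw PDF bytes."""
    uris = extract_uris(data)
    findings = [("PDF_MALICIOUS_REDIRECTOR_LINK", "critical", u)
                for u in uris if urlsplit(u).hostname in REDIRECTOR_HOSTS]
    lf = link_farm(uris, len(data))
    if lf:
        findings.append(("PDF_SEO_LINK_FARM", "critical",
                         f"{lf['links']} external PDF links, {lf['share']:.0%} on {lf['host']}"))
    for d in duplicate_objects(extract_objects(data)):
        findings.append(("PDF_DUPLICATE_OBJ_BODY_INCREMENTAL", d["severity"],
                         f"object {d['obj'][0]} {d['obj'][1]} defined {d['count']} times"))
    return findings


def build_sample_pdf():
    """Constructed sample, not the analysed file: one redirector link, 14 same-host
    *.pdf links, and object 4 0 redefined by an appended update that adds JavaScript.
    Cross-reference tables are omitted; the regex scanner does not need them."""
    urls = ["https://ttraff.link/wix?keyword=android+device+manager+find+my+mobile"]
    urls += [f"https://static.usrfiles.com/ugd/sample_{i:02d}.pdf" for i in range(14)]
    annots = [b"%d 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
              b"/A << /S /URI /URI (%s) >> >> endobj\n" % (5 + i, u.encode())
              for i, u in enumerate(urls)]
    refs = b" ".join(b"%d 0 R" % (5 + i) for i in range(len(urls)))
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
            b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [" + refs + b"] >> endobj\n"
            b"4 0 obj << /Producer (benign) >> endobj\n"
            + b"".join(annots) +
            b"trailer << /Root 1 0 R >>\n%EOF\n"
            # appended incremental update: same object number, different body
            b"4 0 obj << /S /JavaScript /JS (app.alert\\(1\\)) >> endobj\n"
            b"trailer << /Root 1 0 R >>\n%EOF\n")


if __name__ == "__main__":
    for hid, sev, detail in analyse(build_sample_pdf()):
        print(f"{sev:8} {hid}: {detail}")
```

Running the script prints one critical finding per heuristic for the constructed sample. Two caveats when pointing it at real files: link targets stored as hex strings or inside compressed object streams (/ObjStm) are invisible to a raw-byte scan, so inflate streams first or use a full parser; and the link-farm thresholds must be tuned against a benign corpus, since bibliographies and document indexes legitimately link to many PDFs on a single host.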
Extracted artifacts (2)
Files carved from inside the sample during analysis. Both are embedded sfnt font programs (the TrueType/OpenType container format).

| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00007998.bin | bb8c446ae5a4cdea93cae9df0a9c2851f77a59f917ed0aa5bda4ab1b5daaef11 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7998 | 5452 bytes |
| font_01_sfnt_off00008c20.bin | 9504b84ebdab70daafe0b52bee399016782f4eade92db733f46a38ef9405adfe | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8C20 | 9980 bytes |