MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains numerous embedded links, with a critical heuristic firing for a malicious redirector. The primary link directs to 'ttraff.com', a known malicious redirector, which then likely leads to further malicious content or downloads. The document body itself contains text related to the link's purported content, suggesting a lure to trick users into clicking the malicious URL. The ML classifier also strongly indicated maliciousness.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=expressing+possibility+probability+and+certainty+exercises+pdf
- http://files.mischiefprojections.com/uploads/1/3/1/8/131857565/lalil.pdf
- http://lujokiso.kylesurges.com/uploads/1/3/1/4/131453574/a67a201f9dd2.pdf
- http://zorifej.puzzlesandbraingames.com/uploads/1/3/1/4/131453674/6153060.pdf
- https://cdn.shopify.com/s/files/1/0428/2833/3219/files/buburanorojiwabateveja.pdf
- https://cdn.shopify.com/s/files/1/0433/3957/9546/files/automatic_plant_irrigation_system_using_microcontroller.pdf
- https://cdn.shopify.com/s/files/1/0431/4241/4493/files/13081764416.pdf
- http://files.progstock-store.square.site/uploads/1/3/0/7/130775171/xugubufif.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/3365514284.pdf
- https://cdn.shopify.com/s/files/1/0431/6663/0050/files/call_of_duty_ghost_hacks.pdf
- https://cdn.shopify.com/s/files/1/0437/3915/2536/files/1000_ms_to_seconds.pdf
- https://cdn.shopify.com/s/files/1/0435/1760/8090/files/atomic_number_of_elements_from_1_to_30.pdf
- https://cdn.shopify.com/s/files/1/0434/0845/7877/files/75784020047.pdf
- https://cdn.shopify.com/s/files/1/0431/4320/0929/files/rawigirafekifoza.pdf
- https://cdn.shopify.com/s/files/1/0434/7992/4902/files/76033022149.pdf
- https://cdn.shopify.com/s/files/1/0434/6177/1430/files/imagenes_para_colorear_mandalas.pdf
- https://cdn.shopify.com/s/files/1/0434/7399/3890/files/karoxevoselegopini.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005cfa.bin876fd7a12b85cecdbe033accdcf26a0ea7b7a5e624492b422b06abe280e550b7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5CFA | 5592 bytes |
font_01_sfnt_off00007012.bind0d50149ff17836bdeb4012086aa531411977229d76e30572fcb2829bcc2c211 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7012 | 10456 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.