MALICIOUS (Risk Score: 150)
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'https://ttraff.ru/wix?keyword=imagen+de+corpus+christi'. Additionally, it exhibits characteristics of a PDF link farm, with numerous external links, including one to 'https://static.usrfiles.com/ugd/f84671_db8be3aa70ab44f381099302952117da.pdf'. The ML classifier also flagged this PDF with high confidence. The document body is heavily obfuscated and contains the malicious redirector URL, suggesting an attempt to lure the user to a harmful site.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL
- https://ttraff.ru/wix?keyword=imagen+de+corpus+christi
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000519e.bin (ab07c7a06d47218a74b889bc98565fa0cc32cb43588523f17a3f6fa1867efbc9) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x519E | 5392 bytes |
| font_01_sfnt_off000063b7.bin (e19ac8b909f972893ecbf898dbda5726df2aa4f18f5c1cb878ea9a2763f4d228) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x63B7 | 10416 bytes |