MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF was flagged by multiple critical heuristics for containing malicious redirector links and a large number of external links, suggesting a link farm for SEO manipulation or to distribute further payloads. The primary malicious URL identified is 'https://ttraff.link/wix?keyword=goodyear+assurance+comfortred+touring+review'. While no scripts were extracted, the sheer volume of links and the critical heuristic firings strongly indicate malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.link/wix?keyword=goodyear+assurance+comfortred+touring+review
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006f38.bin e4c30f34adf5f20f290b72c806d519c90cf213b5301cd048bbc3bbb36a8198a9 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6F38 | 5592 bytes |
| font_01_sfnt_off0000824b.bin 8b3edd1b0f0df6e816e0b756c2d5d55403e5e5093ee5bfce14f5ece81f908a0e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x824B | 10756 bytes |