MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'https://ttraff.cc/wix?keyword=cara+carding+amazon+di+android'. The document body, though heavily obfuscated, contains this URL and text related to 'carding amazon di android', suggesting a lure for malicious activity. The ML classifier also strongly flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.cc/wix?keyword=cara+carding+amazon+di+android
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006809.bin 2025a9dac93c8641184ec1a6e09ad081a0b79ef37f019c0967f2f9a6f7b4ec9e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6809 | 5004 bytes |
| font_01_sfnt_off000078b8.bin 855d3ce064490181929640b632440e7741b7edf046f4f70936ae7346316ff345 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x78B8 | 2900 bytes |
| font_02_sfnt_off0000834e.bin bebb65cadc060784a4e7d6d98e11b81b927ec9f98f87e441eb3076470aee7b10 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x834E | 2188 bytes |
| font_03_sfnt_off00008d32.bin c366ea450174cc9dd0941627b13a0aa79fce7429977c4b18c76c6816327be31d | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8D32 | 11444 bytes |
| font_04_sfnt_off0000b365.bin dff2d7877aca2d8bd1e056cfb7ff8c13f2f014f6b2feb52c6af078941c853db7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB365 | 16992 bytes |