MALICIOUS (Risk Score: 150)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a significant number of embedded links, many of which point to a redirector service. The primary heuristic firing indicates that the document links to known malicious redirector infrastructure. The presence of a link farm and a malicious redirector suggests the document's purpose is to lure users to a malicious site, likely for phishing or malware delivery. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier: malicious score 1.0000
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.me/wix?keyword=polder+digital+meat+thermometer+manual
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e94c.bin (5a4e80f56de8d82a0b393a66c9e86c29ed2449e0581ecef3ebb09467e45f313d) | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE94C | 5060 bytes |
| font_01_sfnt_off0000fa4d.bin (149f65137365cdca57fe032e906ebbe6000562172447dc7c3105267aa3cd54ca) | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFA4D | 14944 bytes |