MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded links, with a critical heuristic firing for PDF_MALICIOUS_REDIRECTOR_LINK indicating that at least one URL, https://ttraff.com/pify?keyword=a+tutorial+on+support+vector+machines+for+pattern+recognition+pdf, leads to malicious infrastructure. Another critical heuristic, PDF_SEO_LINK_FARM, indicates the document is part of a scheme to generate a mass of external PDF links, likely for SEO manipulation or to distribute malicious content. The ML classifier also strongly flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=a+tutorial+on+support+vector+machines+for+pattern+recognition+pdf
- http://files.simonbland.com/uploads/1/3/0/7/130776120/7735847.pdf
- http://files.upcountryfarms.com/uploads/1/3/2/6/132680949/bfe32cf4fb2c05.pdf
- http://files.similandiveguide.com/uploads/1/3/1/8/131871558/b419a.pdf
- http://files.cornwallamillionactsofsanctuary.com/uploads/1/3/2/7/132740892/takujemoresebida.pdf
- https://cdn.shopify.com/s/files/1/0430/9286/9281/files/70247394310.pdf
- https://cdn.shopify.com/s/files/1/0431/4673/9878/files/tepusepu.pdf
- https://cdn.shopify.com/s/files/1/0432/6011/7160/files/tixogobebujoxizuxukufefuj.pdf
- https://cdn.shopify.com/s/files/1/0428/8937/9993/files/88198334532.pdf
- https://cdn.shopify.com/s/files/1/0435/3448/3605/files/davv_cet_2020_notification.pdf
- https://cdn.shopify.com/s/files/1/0444/6031/0695/files/esclerosis_multiple_causas.pdf
- https://cdn.shopify.com/s/files/1/0431/3966/1981/files/93264238824.pdf
- https://cdn.shopify.com/s/files/1/0429/7133/2767/files/bipinujujuwom.pdf
- https://cdn.shopify.com/s/files/1/0433/7506/7297/files/tatasogejutupaje.pdf
- https://cdn.shopify.com/s/files/1/0431/2068/9306/files/zijumifaxitibipusolulo.pdf
- https://cdn.shopify.com/s/files/1/0433/6268/0984/files/heroes_of_might_and_magic_5_cheats.pdf
- https://cdn.shopify.com/s/files/1/0431/9048/5150/files/biogeochemical_processes.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://cdn.shopify.com/s/files/1/0429/7133/2767/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006bd7.bin0e5561880d162be1d5f7b032c1abdbe41c440ec9f1e935273dfc88abc25e5cb9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6BD7 | 5620 bytes |
font_01_sfnt_off00007ed3.binb5f79205ee99f5f0185a903d690e3dbcef8c2f7a83f0e8211f15822d8937239c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7ED3 | 9964 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.