MALICIOUS
150
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a critical heuristic firing for a malicious redirector link pointing to 'ttraff.com'. The document body, though heavily obfuscated, also contains this URL and numerous other links hosted on Shopify, suggesting a link farm or redirection strategy. The primary attack pattern involves luring users through a seemingly innocuous link, likely leading to a phishing or malware download page.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=chhello+divas+gujarati+movie
- https://cdn.shopify.com/s/files/1/0431/3533/6605/files/lonoxelebitapebazakag.pdf
- https://cdn.shopify.com/s/files/1/0438/7130/5883/files/29478336563.pdf
- https://cdn.shopify.com/s/files/1/0431/1059/6765/files/autolesiones_en_adolescentes_en_mexico.pdf
- https://cdn.shopify.com/s/files/1/0437/0418/9096/files/govov.pdf
- https://cdn.shopify.com/s/files/1/0431/5371/9452/files/97201454623.pdf
- https://cdn.shopify.com/s/files/1/0433/5462/0054/files/transferring_contacts_from_android_to_iphone_x.pdf
- https://static.usrfiles.com/ugd/921909_20f2e41b118846e495655d8d134cc715.pdf
- https://static.usrfiles.com/ugd/c2007e_e6d8a7b2d124468093a83244aefbd216.pdf
- https://static.usrfiles.com/ugd/d954c5_c7e8bdfd82644c2fa8d96b63fb6e203a.pdf
- https://static.usrfiles.com/ugd/6cf804_1be240195e634c93beda372c7d0d15eb.pdf
- https://static.usrfiles.com/ugd/b28561_63a6e76364644416a12b23ca6fac58d5.pdf
- https://static.usrfiles.com/ugd/b5472a_79b53ca22b024d549afb26ae3e8d2436.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000082ce.bin6e351d2ec34738be50dd5ec37ca4fb7dfd4511f654a4c57d3031107425a26c7a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x82CE | 5176 bytes |
font_01_sfnt_off00009478.binab76c3866ce5ac1eb4c6814af05046947f6b0df0aed6ef23fbbe53e8e74bd7f3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9478 | 8324 bytes |
font_02_sfnt_off0000af56.bin91957b49f877b44248bc8c3a021e6e737191f1ecb97c6ff82361981a8743595f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xAF56 | 14516 bytes |
font_03_sfnt_off0000dcb2.binead7fd593d7f5feef6f283420e9b55f8fa4552f107c64b0063d474dd3355abd8 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDCB2 | 16164 bytes |
font_04_sfnt_off0000f1cb.bin9f355172d696dda274cac500966718f112ce76951f19577ac4888987ea6471b2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF1CB | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.