MALICIOUS
Risk Score: 150
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a malicious redirector link disguised as a free download for 'All the bright places pdf download free'. This link, https://ttraff.club/wix?keyword=all+the+bright+places+pdf+download+free, is designed to lead users to potentially harmful content. The presence of numerous other PDF links further suggests a link farm or SEO manipulation tactic to increase visibility and clicks. The ML classifier strongly flagged this PDF as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- PDF links to known malicious redirector infrastructure (severity: critical, rule: PDF_MALICIOUS_REDIRECTOR_LINK). PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM). Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (severity: info, rule: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL: https://ttraff.club/wix?keyword=all+the+bright+places+pdf+download+free
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000054ca.bin 52a00d7e7177fccf475282475b5cf12d97989edc759a2ebc1077e82384c49601 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x54CA | 5640 bytes |
| font_01_sfnt_off000067fd.bin a5f5268e4da8eba7d1cc0c922db1c73daa1acde8f54556c65f26d259c50a3a67 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x67FD | 10292 bytes |