MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
T1566.002 Spearphishing Attachment
T1071.001 Web Protocols
The PDF contains embedded JavaScript and multiple links, including one pointing to a known malicious redirector at 'https://ttraff.cc/pify?keyword=2013+ford+edge+reviews+consumer+reports'. The presence of a link farm suggests an attempt to manipulate search engine results or distribute malicious content. The embedded JavaScript likely facilitates the redirection or further payload delivery.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded JS stream low PDF_JSPDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=2013+ford+edge+reviews+consumer+reports
- http://files.floriaanwent.com/uploads/1/3/0/8/130874496/d20b775e261813e.pdf
- http://files.montessorilawrence.org/uploads/1/3/0/9/130969158/tiluzep-busijo-feriguxu-fivipabo.pdf
- http://files.campusco-lab.com/uploads/1/3/1/3/131398336/tejegero.pdf
- http://files.aerosportoutfitter.com/uploads/1/3/0/9/130969607/nilulowenoro-turiwefef-favijatazogab-lidiw.pdf
- http://pobotina.cielocastlepines.com/uploads/1/3/1/0/131071181/b122f2e6a88a7bf.pdf
- https://cdn.shopify.com/s/files/1/0429/4829/6863/files/482044533.pdf
- https://cdn.shopify.com/s/files/1/0435/1646/1211/files/80123070766.pdf
- https://cdn.shopify.com/s/files/1/0437/0441/8455/files/bloodborne_dungeon_trophy_guide.pdf
- https://cdn.shopify.com/s/files/1/0431/1613/4562/files/giredesupow.pdf
- https://cdn.shopify.com/s/files/1/0432/2335/1458/files/susonozevijaguropemekoj.pdf
- https://cdn.shopify.com/s/files/1/0433/8191/5802/files/notiwirebajogorugukezi.pdf
- https://cdn.shopify.com/s/files/1/0432/2482/6014/files/xiturixasegexoxowiwa.pdf
- https://cdn.shopify.com/s/files/1/0435/5942/0063/files/26056731548.pdf
- https://cdn.shopify.com/s/files/1/0432/9200/0412/files/advanced_excel_course_online.pdf
- https://cdn.shopify.com/s/files/1/0434/2428/4824/files/rental_agreement_format_in_tamil_free_download.pdf
- https://cdn.shopify.com/s/files/1/0430/6858/8194/files/41875679648.pdf
- https://cdn.shopify.com/s/files/1/0427/4877/2519/files/mezejemune.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007521.bin3db7f681a9d7d79ff8ffc888bb7093347abdc4c7b8b39c5c608d37b87a970ed4 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7521 | 5780 bytes |
font_01_sfnt_off000088cd.binc92c0bbee8edf914d2deda493f624c8a3249e5b2e17a7b19bf429493dfd3b741 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x88CD | 10552 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.