MALICIOUS
Risk Score: 128
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a link to a redirector, which is a common technique for delivering malicious payloads. The document body and heuristics indicate a lure for a 'free trial' of SPSS Amos, designed to entice users to click the malicious link. The PDF also hosts a large number of external links, suggesting a link farm for SEO poisoning or traffic generation.
Heuristics 4
- PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Urgency / deadline lure [low] SE_URGENCY_LURE: Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.); useful context, but low-signal without other findings.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.cc/pify?keyword=spss+amos+free+trial
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00004c8d.bin 6414ba9e134a3b908346e4ff2f0c77cebe91dfe8fe8a55a90a0808efc840d450 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4C8D | 5148 bytes |
| font_01_sfnt_off00005df3.bin c8ca4ca3f2be3e833c4b806083f184585b58b4cfc1b26628b2c2f7683b136930 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5DF3 | 10012 bytes |