MALICIOUS
Risk Score: 162
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a link that redirects to malicious infrastructure, likely as part of an SEO-based link farm to distribute malware. The document body contains the same malicious URL, suggesting a lure to download a game. The PDF also exhibits characteristics of a password-protected archive lure, indicating a multi-stage attack.
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Password-protected archive handoff (high, SE_PASSWORD_ARCHIVE_LURE): Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL: https://ttraff.ru/wix?keyword=naruto+shippuden+clash+of+ninja+revolution+3+iso+direct+download
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00016dcc.bin 36e9b9de7aebe1410415fc7dcc306f36812a463352cd0e632d8f50a72fb85546 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x16DCC | 5604 bytes |
| font_01_sfnt_off000180f3.bin 0864bae731d5eca03dd67358b7b83a4324f2b099fe9aa23b6423c486e39de97f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x180F3 | 17568 bytes |
| font_02_sfnt_off0001b71f.bin 34270cd71d9551d05fe89db5b56d64e8263e9ec142360c36c60d794107ef88fe | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1B71F | 16384 bytes |