MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a lure related to a 'Mitsubishi outlander 2010 service manual' and embeds a link that redirects to a known malicious domain (ttraff.com). This indicates a phishing or social engineering attack aimed at tricking the user into visiting a compromised site. The presence of numerous other links, many pointing to benign Shopify URLs, suggests a link farm or SEO poisoning tactic to obscure the malicious redirector. No scripts were extracted, limiting the analysis of further payload delivery.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=mitsubishi+outlander+2010+service+ma
- https://cdn.shopify.com/s/files/1/0437/6988/8920/files/find_the_wavelength__of_the_80.0-khz_wave_emitted_by_the_bat.pdf
- https://cdn.shopify.com/s/files/1/0431/8432/4770/files/35286609044.pdf
- https://cdn.shopify.com/s/files/1/0434/6557/2514/files/barriers_to_learning.pdf
- https://cdn.shopify.com/s/files/1/0434/9073/8328/files/filehippo_merge.pdf
- https://cdn.shopify.com/s/files/1/0430/4296/3613/files/peptic_ulcer_disease_guidelines.pdf
- https://cdn.shopify.com/s/files/1/0431/2009/9488/files/bedokebuperet.pdf
- https://cdn.shopify.com/s/files/1/0434/8785/4749/files/jeniponixe.pdf
- https://cdn.shopify.com/s/files/1/0433/6533/5208/files/kodukij.pdf
- https://cdn.shopify.com/s/files/1/0439/0413/9416/files/lakenorubaranux.pdf
- https://cdn.shopify.com/s/files/1/0428/9645/7884/files/11793094291.pdf
- https://static.usrfiles.com/ugd/b8c837_74487c5bcda54da7bfe0a2637c3759d9.pdf
- https://static.usrfiles.com/ugd/b8c837_be43e3f1c62e4d03850889c24c0edb5f.pdf
- https://static.usrfiles.com/ugd/79cb75_2f8963dc62734b8e9464edc868e0ac1a.pdf
- https://static.usrfiles.com/ugd/d216cb_8234e502295c4fb483910b7739df1e39.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000628c.bin473a8c8dfcb1bcb29704c64d2e8c7295acdfbd11f909548429f5d2447215e483 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x628C | 5708 bytes |
font_01_sfnt_off000075cb.bin1828fed882f41d9ba73d05a68f2a5f86c2e17350e1abab82212b95862a4fd726 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x75CB | 15472 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.