MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a critical heuristic firing for a malicious redirector link, which points to a URL that appears to be a lure for downloading software. The document body, though heavily obfuscated, contains text fragments related to 'Pdf-xchange viewer pro' and 'keygen', reinforcing the social engineering pretext. The presence of numerous embedded links, many pointing to Shopify domains, suggests a link farm used for SEO poisoning or distributing malicious content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wb?keyword=pdf-xchange%20viewer%20pro%202.5.198%20full%20download%20+%20keygen
- http://files.gunsgreenhouse.org/uploads/1/3/1/4/131406435/xazezel-feraparoxebepu-korowime-jeludafujuwude.pdf
- http://files.merredincrc.com/uploads/1/3/0/8/130814232/3020e6c0482d935.pdf
- http://files.marandihostetter.com/uploads/1/3/2/8/132814272/42f1bf.pdf
- http://files.turbochef-bay-area.com/uploads/1/3/1/4/131406885/8702937.pdf
- http://files.marandihostetter.com/uploads/1
- https://cdn.shopify.com/s/files/1/0432/4101/3412/files/kixikalidanigipinaletigi.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/mapitawaluzosamorexub.pdf
- https://cdn.shopify.com/s/files/1/0435/3831/7464/files/12864537773.pdf
- https://cdn.shopify.com/s/files/1/0427/4687/1974/files/fipanigetorufuba.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/dosadibevejigavo.pdf
- https://cdn.shopify.com/s/files/1/0430/1042/4993/files/jumesadinuxobijujinazo.pdf
- https://cdn.shopify.com/s/files/1/0434/4093/0968/files/xugakorurenaja.pdf
- https://cdn.shopify.com/s/files/1/0430/8815/0690/files/48852988042.pdf
- https://cdn.shopify.com/s/files/1/0433/4085/7494/files/tojulasabovigudezavokaj.pdf
- https://cdn.shopify.com/s/files/1/0435/8511/0171/files/30185374414.pdf
- https://cdn.shopify.com/s/files/1/0432/9875/0629/files/vijigogalasisibezunikug.pdf
- https://cdn.shopify.com/s/files/1/0433/0802/3966/files/97124552720.pdf
- https://cdn.shopify.com/s/files/1/0428/1230/9670/files/matitagikivozesapugeraxig.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000097ac.bina31d760be8bb2fd52427f1d0b88cdd73281ab7d2e539820912e63337bcf5c753 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x97AC | 6148 bytes |
font_01_sfnt_off0000acb2.bin0b20509c8514d138d15d44782a6badb90e6235da7a36326dd08ee7b73b8bcb6f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xACB2 | 14748 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.