MALICIOUS
160
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.001 Malicious Link
T1059.001 PowerShell
The PDF file contains a critical heuristic firing for a malicious redirector link, pointing to ttraff.ru. The document body, though heavily obfuscated, contains text related to a 'Pokemon emulator' and includes the malicious URL. Additionally, the PDF exhibits characteristics of a link farm, with numerous embedded URLs, many hosted on Shopify, suggesting an attempt to distribute content or traffic. The presence of a 'Browser extension / update installation lure' heuristic indicates a social engineering tactic to trick users into installing potentially harmful software.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Browser extension / update installation lure high SE_BROWSER_INSTALL_LUREDocument tells the user to install a browser extension, plugin, viewer, or browser update to view content — a common social-engineering path for credential theft and malware installation
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=pokemon+emulator+android+ds
- http://files.richmondadvisors.net/uploads/1/3/1/4/131483336/faa3b9f1.pdf
- http://files.jhslearningcommons.org/uploads/1/3/1/4/131408209/3489893.pdf
- http://files.mysacredgrounds.com/uploads/1/3/1/6/131606072/rabikuzon-tidikejo-gogib.pdf
- http://files.sweetart.online/uploads/1/3/2/6/132696483/kolaj.pdf
- http://files.kelseyvoit.com/uploads/1/3/0/7/130740258/2753d7d047.pdf
- https://cdn.shopify.com/s/files/1/0435/6092/7393/files/alopecia_androgenica_en_mujeres.pdf
- https://cdn.shopify.com/s/files/1/0435/9510/4418/files/23294824081.pdf
- https://cdn.shopify.com/s/files/1/0433/4485/5194/files/rokiroketakek.pdf
- https://cdn.shopify.com/s/files/1/0429/7208/6435/files/birthday_invitation_card_template.pdf
- https://cdn.shopify.com/s/files/1/0429/9427/0371/files/fusaxusuraguvadosigezom.pdf
- https://cdn.shopify.com/s/files/1/0430/2100/9053/files/cardiotonicos_digitalicos.pdf
- https://cdn.shopify.com/s/files/1/0434/6406/5174/files/chevy_malibu_2017_user_manual.pdf
- https://cdn.shopify.com/s/files/1/0431/9058/3464/files/formulaire_attestation_employeur_pole_emploi_remplissable.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/xeniwepisovera.pdf
- https://cdn.shopify.com/s/files/1/0434/5951/0424/files/wofomorejodowov.pdf
- https://cdn.shopify.com/s/files/1/0434/9480/1568/files/63269329800.pdf
- https://cdn.shopify.com/s/files/1/0439/6482/5758/files/mopigevanumara.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006393.binbd071fab578a40b68ab619befe43229e96e3a214e4ecd074f382d71a80c9754a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6393 | 5036 bytes |
font_01_sfnt_off00007495.bin3a2c1819e057fd0a3f0f3f171e37acc1ea9e509130504738f853bf880cbf8c57 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7495 | 10028 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.