Verdict: MALICIOUS
Risk Score: 120

Malware Insights

MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1059.001 PowerShell
- T1204.002 Malicious Link
The PDF file contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.com/pify?keyword=dehati+anpadh+hari+re+song'. Additionally, it exhibits characteristics of a PDF link farm, with numerous embedded URLs, many hosted on Shopify. The document body, though heavily corrupted, also contains the primary malicious URL. The combination of these factors strongly suggests a social engineering attempt to lure the user to a malicious site.
Heuristics (3)
- PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.com/pify?keyword=dehati+anpadh+hari+re+song
Extracted artifacts (5)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00005950.bin | 3788f9b6d144d5ba04c72bc9bd10ab9e4a50e52e401cd58dd3dccf589ec39cfa | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5950 | 5188 bytes |
| font_01_sfnt_off00006ae2.bin | 376b62b4f252c3b852fed21b0bd9be6cd80fa46e0709381b551826a2064b4fdc | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6AE2 | 5360 bytes |
| font_02_sfnt_off00007e7b.bin | 47503bbff56543f17527dc43a9fea1bc1f2a0d88be10b1ec18adab3219e7e112 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7E7B | 13952 bytes |
| font_03_sfnt_off0000aa5c.bin | 5b9dc5cdb24bbb40bad573dd0f59008f841fc342d469d3449b29c4760376f233 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xAA5C | 17324 bytes |
| font_04_sfnt_off0000c2b9.bin | 8575b1adef60be433137a59a27f62c85262a2a733a681189eaa1c33eec8441d0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC2B9 | 5864 bytes |