Verdict: MALICIOUS
Risk Score: 168
Malware Insights
MITRE ATT&CK
- T1566.002 Spearphishing Attachment
- T1204.001 Malicious Link
- T1059.003 Windows Command Shell
The PDF contains a mass external link farm, with one URL pointing to a known malicious redirector. The document body also contains text that lures the user into copying and pasting content into a command-line interface, likely to execute a malicious payload. The primary malicious URL identified is https://ttraff.ru/pify?keyword=windows+10+version+1803+iso++microsoft.
Heuristics (5)
- PDF links to known malicious redirector infrastructure [critical, PDF_MALICIOUS_REDIRECTOR_LINK]: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Clipboard command execution lure [high, SE_CLIPBOARD_COMMAND_LURE]: Document tells the user to copy or paste clipboard content into Run, PowerShell, cmd, or another shell-like execution context.
- Urgency / deadline lure [low, SE_URGENCY_LURE]: Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.); useful context, but low-signal without other findings.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs:
- https://ttraff.ru/pify?keyword=windows+10+version+1803+iso++microsoft
- http://pikozet.anaesthesiahistoryconnections.com/uploads/1/3/0/7/130776407/jomifejarovikizivep.pdf
- http://fiwow.farmandhorse.com/uploads/1/3/2/7/132710621/bapesubibadov-pesimuximozel-kimuva-rejixod.pdf
- http://files.cswithwhitlock.com/uploads/1/3/1/4/131406701/4791413.pdf
- http://files.canalsigling.com/uploads/1/3/2/6/132696154/manared.pdf
- https://cdn.shopify.com/s/files/1/0439/8628/8798/files/sequal_eclipse_5_manual.pdf
- https://cdn.shopify.com/s/files/1/0431/2255/7082/files/senomi.pdf
- https://cdn.shopify.com/s/files/1/0435/3631/8616/files/datoxemepobulivaloxev.pdf
- https://cdn.shopify.com/s/files/1/0428/9177/2063/files/5301097046.pdf
- https://cdn.shopify.com/s/files/1/0429/6481/1927/files/24954887926.pdf
- https://cdn.shopify.com/s/files/1/0432/4953/3088/files/kikofipumurowu.pdf
- https://cdn.shopify.com/s/files/1/0430/3526/3138/files/vijifagagekinosewo.pdf
- https://cdn.shopify.com/s/files/1/0433/2670/1718/files/tufanozigojazijimifadeju.pdf
- https://cdn.shopify.com/s/files/1/0431/6128/8868/files/webigexeminifijev.pdf
- https://cdn.shopify.com/s/files/1/0430/0275/7281/files/rulubuxikeg.pdf
- https://cdn.shopify.com/s/files/1/0435/9539/9325/files/jofutexezababepamumotidu.pdf
- https://cdn.shopify.com/s/files/1/0432/7732/0352/files/suzut.pdf
- https://cdn.shopify.com/s/files/1/0446/9299/6252/files/albert_camus_the_stranger_download.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00006923.bin | 972f18b0b82d7f21ec3fd89386107613e4e50ae0569da0f19479e79f145e234a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6923 | 5644 bytes |
| font_01_sfnt_off00007c65.bin | abc228de6509aab7ab049fa146e99e08651ba5fe4953cde1d0eddeb9f69f43fb | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7C65 | 10368 bytes |