MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Phishing:Spearphishing Attachment
T1204.002 Malicious File: Malicious Link
The PDF file contains a significant number of embedded links, with the heuristic PDF_SEO_LINK_FARM indicating a link farm. One of these links, https://ttraff.ru/wix?keyword=%25C3%25A9valuation+accents+tr%25C3%25A9ma+c%25C3%25A9dille+cm2, is flagged as a known malicious redirector. The document body contains garbled text but also includes the same suspicious URL and a list of other PDF links, suggesting a coordinated effort to distribute content or redirect users to malicious sites.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=%25C3%25A9valuation+accents+tr%25C3%25A9ma+c%25C3%25A9dille+cm2
- https://cdn.shopify.com/s/files/1/0437/1290/5370/files/rurepekewojodo.pdf
- https://cdn.shopify.com/s/files/1/0431/8189/9944/files/how_to_write_a_great_children_s_book.pdf
- https://cdn.shopify.com/s/files/1/0459/7127/5943/files/45854012279.pdf
- https://cdn.shopify.com/s/files/1/0440/7066/6392/files/reconstructing_amelia.pdf
- https://cdn.shopify.com/s/files/1/0430/0210/1923/files/kiwakumoduwiwexeri.pdf
- https://static.usrfiles.com/ugd/b8c837_de221f358af14cefb7bdd19a92485e94.pdf
- https://static.usrfiles.com/ugd/50c35f_53a2ddda55e14cc5bcad2dd4d3f78793.pdf
- https://static.usrfiles.com/ugd/b8c837_b6b5c9e69a094842918f2183ba34707f.pdf
- https://static.usrfiles.com/ugd/0bcf16_4513a381fadb43fcb86e14bddac2dd5f.pdf
- https://static.usrfiles.com/ugd/a4d998_79f38eb7419c4369a9cf7c7f6580af79.pdf
- https://static.usrfiles.com/ugd/dd6616_2603927e66ea4c71aab188e74e082df4.pdf
- https://static.usrfiles.com/ugd/b8c837_a79300031340454fa1555e5f191688e0.pdf
- https://static.usrfiles.com/ugd/93c935_f4c6ae5dee8e4c998ec565aab1d3bce5.pdf
- https://static.usrfiles.com/ugd/455f95_f37b075e2c44424187ccc1718ec9dc68.pdf
- https://static.usrfiles.com/ugd/4ae4db_8d81c557c4134b4d90821b7d75523375.pdf
- https://static.usrfiles.com/ugd/b8c837_e75fb7ffeecc407a85592424d02bffef.pdf
- https://static.usrfiles.com/ugd/cd79e3_b59d0a256ab04ef69ef5e8636b6d102d.pdf
- https://static.usrfiles.com/ugd/b8c837_a58955b17278475283872132fe14e640.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000059be.bin58a33f1f2d1fafb5e7da25e022454cec44b8e0534f261aea4d83788cf2583f0e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x59BE | 5400 bytes |
font_01_sfnt_off00006bbc.binb385244d31b37e7085d47281c8ff1412f469e84f4b2e4a976aca578eaa6d4927 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6BBC | 12540 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.