MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, a common tactic for SEO poisoning or redirecting users to malicious content. One of the embedded URLs, 'https://ttraff.cc/wix?keyword=yugioh+vrains+ship+names', is flagged as a known malicious redirector. The document body is heavily obfuscated and contains no readable text, but the presence of the malicious redirector strongly suggests an intent to lure the user to a harmful destination.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=yugioh+vrains+ship+names
- https://6b4651d3-c249-446c-88d4-282c9eb4aa96.filesusr.com/ugd/d7c203_15a7cdb79bb3458c9fe9041f4bdd5c44.pdf?index=true
- https://c8749cfc-ad08-4e89-8e00-9497904805b5.filesusr.com/ugd/7ea8bb_aef793aabeb647ca90d841c4e92c0809.pdf?index=true
- https://bc5bab6a-df0e-4f5c-b224-5a184732e6ca.filesusr.com/ugd/26938b_ca9c2117453149c3ab8e2f073778fd29.pdf?index=true
- https://cdn.shopify.com/s/files/1/0435/6797/2513/files/powivinaxejefewoj.pdf
- https://cdn.shopify.com/s/files/1/0470/6340/0616/files/treatment_of_asthma_in_pregnancy.pdf
- https://cdn.shopify.com/s/files/1/0433/5966/6341/files/bujefajizewuligokel.pdf
- https://3e023388-76f4-4671-881f-e902d6fc1076.filesusr.com/ugd/ea9bdf_e31febc2bf1a4254a19c4ea0d25bda3b.pdf?index=true
- https://a09a8ded-8633-4eb8-b557-47f52a8d6d04.filesusr.com/ugd/affb4a_2d39752eb9bd45c7b7ad595ce5746350.pdf?index=true
- https://cdn.shopify.com/s/files/1/0435/5833/8715/files/bodoni_classic_deco_font_free.pdf
- https://cdn.shopify.com/s/files/1/0434/2877/4044/files/wosavegulajew.pdf
- https://cdn.shopify.com/s/files/1/0432/9940/5977/files/98947250739.pdf
- https://cdn.shopify.com/s/files/1/0432/1089/9624/files/84730894683.pdf
- https://cdn.shopify.com/s/files/1/0432/6028/0992/files/arris_dg2470_port_forwarding.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://cdn.shopify.com/s/files/1/0433/5966/6341/f
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_004_off0000d3ff.bin45288ef4bcdfbfc058efaf489ab97582262a278fbed621f5b3306b8c23cd3ba4 |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xD3FF | 34360 bytes |
font_01_sfnt_off00013d20.bin1db294669206d616b23fb3ef96caacd638f4acf287b1c9e424fb19055894ad09 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x13D20 | 5224 bytes |
font_02_sfnt_off00014eca.binb35c9cd80cb987795d39247f987f4934e5cf02313af10232ac0b68eb8bc39f75 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x14ECA | 10608 bytes |
font_03_sfnt_off0001735d.bin895f66822cee8096b629ba52ebdbe333aa959cf625638ac8af8884b25f69792f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1735D | 16132 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.