MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.002 Malicious Link
The PDF file contains a mass external link farm, with many links pointing to shopify.com domains, and one critical link to a known malicious redirector. The document body, though heavily obfuscated, contains text that appears to be a lure for a 'fishing report'. The primary malicious indicator is the redirector URL, which is designed to lead users to malicious content.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Fake invoice / payment lure low SE_INVOICE_LUREDocument contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=fishing+report+long+island+ny
- https://cdn.shopify.com/s/files/1/0429/6074/8695/files/betisojumizu.pdf
- https://cdn.shopify.com/s/files/1/0470/9702/0566/files/7571902093.pdf
- https://cdn.shopify.com/s/files/1/0440/4733/5574/files/74972105639.pdf
- https://cdn.shopify.com/s/files/1/0431/5090/1402/files/86037084989.pdf
- https://static.usrfiles.com/ugd/b8bbd7_a02dea54b4dd4a7b9218c236c2209792.pdf
- https://static.usrfiles.com/ugd/2c608b_abd3cf11166f427da84ccfe1f0d1ab5f.pdf
- https://static.usrfiles.com/ugd/8c2e83_187c78656d7247ca8299a221fa7b2ffd.pdf
- https://static.usrfiles.com/ugd/3bf302_75dd013e08c74c56916494037cacb399.pdf
- https://static.usrfiles.com/ugd/77941b_485d39cb7d0547dfbd6f3012b1d79d88.pdf
- https://static.usrfiles.com/ugd/19103d_c2871a75cd894f249b8d3bf10a1f99c4.pdf
- https://static.usrfiles.com/ugd/96bf9d_dd91b315809e4af7858b0217386d0ef2.pdf
- https://cdn.shopify.com/s/files/1/0434/0105/2312/files/vusajijowumurokawokavezog.pdf
- https://cdn.shopify.com/s/files/1/0440/8626/3960/files/celebrate_recovery_step_study_book_1.pdf
- https://cdn.shopify.com/s/files/1/0436/5415/2342/files/tesoxitimuladipuzi.pdf
- https://cdn.shopify.com/s/files/1/0435/9372/8158/files/ai_1_form.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://static.usrfiles.com/ug
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00008662.bin3b89a1333aa93e194de12c5c5da229a8f3a969ace6b07a90c5323b9ece6747ec |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8662 | 2828 bytes |
font_01_sfnt_off0000905d.bin4d6acb9b8a7f34cc31f4d62abae6912d8b0bf86e0ffa5ed68c4022c8b93167d9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x905D | 5276 bytes |
font_02_sfnt_off0000a255.bin56646fcdbafd8ff2f609a5ee1e501cef38c2765a6d5bf80914c126c1c75e0936 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA255 | 10060 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.