MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, many of which point to external resources. One critical heuristic identified a link to a known malicious redirector, 'https://ttraff.cc/pify?keyword=chhattisgarhi+natak+hd+video', suggesting a phishing or malware distribution attempt. The document body, though heavily obfuscated, also contains this URL and other links hosted on Shopify, indicating a link farm strategy to obscure the ultimate malicious destination.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=chhattisgarhi+natak+hd+video
- http://files.creative-change-management-online.com/uploads/1/3/2/6/132681438/bolexapedituxi.pdf
- http://files.roberttonylopez.com/uploads/1/3/2/3/132303117/c5953.pdf
- http://files.tylerleighnicholson.com/uploads/1/3/0/9/130969710/ca0e4.pdf
- http://texusoz.msbellmlis.com/uploads/1/3/1/6/131607240/zeseg_piwajenelawej_tofodo_lilageseseligug.pdf
- https://cdn.shopify.com/s/files/1/0432/3675/3570/files/wonitipazox.pdf
- https://cdn.shopify.com/s/files/1/0445/8368/2212/files/lefudutakugedutuwo.pdf
- https://cdn.shopify.com/s/files/1/0433/1739/5611/files/bilingualism_romaine_1995.pdf
- https://cdn.shopify.com/s/files/1/0434/0783/5292/files/81136899256.pdf
- https://cdn.shopify.com/s/files/1/0429/2778/4099/files/48110793608.pdf
- https://cdn.shopify.com/s/files/1/0437/1480/5914/files/electronically_sign_preview_mac.pdf
- https://cdn.shopify.com/s/files/1/0432/5313/7563/files/xodesimanubewajaxojokake.pdf
- https://cdn.shopify.com/s/files/1/0434/1471/6572/files/varices_esofagicas_causas.pdf
- https://cdn.shopify.com/s/files/1/0441/0369/6536/files/1998_ford_escort_repair_manual.pdf
- https://cdn.shopify.com/s/files/1/0447/9864/0288/files/automatic_transfer_switch_schematic_diagram.pdf
- https://cdn.shopify.com/s/files/1/0435/0348/5092/files/alphabet_games.pdf
- https://cdn.shopify.com/s/files/1/0427/7554/3964/files/flame_test_lab_report_sheet.pdf
- https://cdn.shopify.com/s/files/1/0429/6625/3724/files/49055698834.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006fc8.binf5ba4b29927c6a9be230f4edf1110bf40a285e66afa0ee4b548175b1a86ccf9a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6FC8 | 5084 bytes |
font_01_sfnt_off0000810a.bin3aa28a14ac39410746b7663a01ecd79224838bcd1e2d72db740e7a502b25909c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x810A | 15648 bytes |
font_02_sfnt_off0000b198.bin651ac2bff5520b59f16f753d2d3894f2a16fda9b989f42f381394a532f0f30b3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB198 | 16168 bytes |
font_03_sfnt_off0000c6e7.binf011ce0c58f6823270ef8956d3cd16a28625bae17509cdd20d37f0b74182150b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC6E7 | 8576 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.