MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a link farm and a redirector to malicious infrastructure, indicated by the PDF_MALICIOUS_REDIRECTOR_LINK and PDF_SEO_LINK_FARM heuristics. The embedded URL and the document body text suggest a lure related to 'ppsspp games for android dragon ball', likely intended to trick users into downloading malware. The presence of a visual download button further supports this malicious workflow.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=ppsspp+games++for+android+dragon+ball
- http://furat.flyinghorsearts.com/uploads/1/3/0/7/130740489/4836558.pdf
- http://delagibo.nrgphotography.com/uploads/1/3/0/7/130776445/31fc465f1c5.pdf
- https://cdn.shopify.com/s/files/1/0429/8784/7843/files/dilefo.pdf
- https://cdn.shopify.com/s/files/1/0440/3593/2310/files/brecon_high_school_ofsted_report.pdf
- https://cdn.shopify.com/s/files/1/0434/4309/3660/files/cash_flow_statement_full_format.pdf
- https://cdn.shopify.com/s/files/1/0444/6637/2775/files/mastering_aperture_shutter_speed_iso_exposure.pdf
- https://cdn.shopify.com/s/files/1/0439/9464/4638/files/analytical_reasoning_tips.pdf
- https://cdn.shopify.com/s/files/1/0430/9617/8845/files/the_architect_s_handbook_of_professional_practice_student_edition.pdf
- https://cdn.shopify.com/s/files/1/0430/7615/7607/files/google_chrome_32_bit_win_7.pdf
- https://cdn.shopify.com/s/files/1/0431/9268/0611/files/82588876629.pdf
- https://cdn.shopify.com/s/files/1/0431/4441/3350/files/33152318420.pdf
- https://cdn.shopify.com/s/files/1/0431/4988/5606/files/case_ih_service_manual.pdf
- https://cdn.shopify.com/s/files/1/0429/7680/5013/files/newsela_quiz_answer_key.pdf
- https://cdn.shopify.com/s/files/1/0436/1030/8765/files/adobe_flash_player_10_for_mac.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006581.bin8afb4bc44e0291b5c0bf8ab9a2ceab96189b2d6dbafcc5b6bd19d5d748fcebf0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6581 | 4548 bytes |
font_01_sfnt_off0000756f.bine5ac667c4dc1c83dd709f91eb74f2c14dd1b65a0de6477dbd4c4a6e32e10e249 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x756F | 5504 bytes |
font_02_sfnt_off00008801.binc920d3b6ada0e4cfba0c22b82073a94b57c784352832dd69113b3cf7265db2ed |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8801 | 10472 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.