MALICIOUS (Risk Score: 120)
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF triggers a heuristic for a malicious redirector link pointing to 'https://ttraff.link/wix?keyword=generating+quadratic+sequences+worksheet'. It also shows the characteristics of a PDF link farm: numerous embedded links, many pointing to Shopify domains. The document body, though heavily obfuscated, contains the malicious URL and references to educational materials, suggesting a lure to a malicious site disguised as a worksheet. No scripts were extracted from this sample.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005d2a.bin 4a668b95c97d24d39289e68b3cb6d7e543957cc53a076590275b71409f7dad03 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5D2A | 5484 bytes |
| font_01_sfnt_off00006fd6.bin f547dd080dabe5fb1364aaef51323d7bb7ac70a97f220c1fc5f8b4595ae9abef | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6FD6 | 10288 bytes |