MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, forming a link farm. One of these links directs to a known malicious redirector, suggesting an attempt to lure users to malicious content. The document body itself is heavily obfuscated and contains metadata indicating it was generated by wkhtmltopdf, a tool often used to create SEO spam or phishing documents.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=las+aventuras+de+capulinita+pdf
- http://files.genuinely-younique.com/uploads/1/3/0/8/130814127/8999369.pdf
- http://tiwukux.ghostinspectors.com/uploads/1/3/1/4/131437792/tanoleg.pdf
- http://files.mikesmeatmarket.com/uploads/1/3/1/8/131871786/09fac.pdf
- http://files.shaunyates.com/uploads/1/3/1/3/131398308/jitipejekerorisu.pdf
- http://files.shantzmusic.ca/uploads/1/3/1/3/131384635/jotarukudax_gasogixobazax_sunekal_dodovutip.pdf
- https://cdn.shopify.com/s/files/1/0437/8099/7269/files/gojulowonolam.pdf
- https://cdn.shopify.com/s/files/1/0438/2959/2214/files/dog_knot_pullout_compilation.pdf
- https://cdn.shopify.com/s/files/1/0435/8940/2779/files/gitagu.pdf
- https://cdn.shopify.com/s/files/1/0435/8871/4653/files/antonyms_and_synonyms_list_with_bangla_meaning_free_download.pdf
- https://cdn.shopify.com/s/files/1/0429/5426/0633/files/pathfinder_horror_adventures_free_download.pdf
- https://cdn.shopify.com/s/files/1/0434/5203/9328/files/35229480363.pdf
- https://cdn.shopify.com/s/files/1/0429/4675/6774/files/mathematical_puzzles.pdf
- https://cdn.shopify.com/s/files/1/0434/5420/2018/files/53866855782.pdf
- https://cdn.shopify.com/s/files/1/0430/4044/0471/files/14741008787.pdf
- https://cdn.shopify.com/s/files/1/0432/5844/5979/files/public_health_risk_assessment.pdf
- https://cdn.shopify.com/s/files/1/0437/7162/5621/files/rerusiwosubevitoxa.pdf
- https://cdn.shopify.com/s/files/1/0435/0862/9663/files/kujemabuzafezesu.pdf
- https://cdn.shopify.com/s/files/1/0430/7946/7162/files/transport_phenomena_bird.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007445.binf0d8bd505dfb38126a2b742263cbf50556db8bcdf837a5965e5c1887622eee7f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7445 | 5148 bytes |
font_01_sfnt_off000085e6.bin55cfed4b0a3beb91a26f83ae15ad46412b444a2d1bb0604e75a480799bee1579 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x85E6 | 11456 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.