MALICIOUS (Risk Score: 120)
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link, which is also present in the document body. This link leads to a URL that is likely part of a link farm designed for SEO manipulation, ultimately directing users to malicious content. The document's apparent purpose is to trick users into clicking the malicious link by disguising it as a relevant PDF.
Heuristics 3
- PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL [info] EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.me/123?keyword=types+of+secondary+memory+in+computer+pdf
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000722a.bin 5eea80179779832d707dfcd8219f1245c3ee4003d92eb5fe45a833cf91476cc0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x722A | 5320 bytes |
| font_01_sfnt_off0000842a.bin 51ebeec29509b87aa858d500e37ac8853184703d07d1f913ce36d8e1dc7764c0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x842A | 1800 bytes |
| font_02_sfnt_off00008cb8.bin b6a4ad462e8a9a3a6446cd75dafadd58b3d0d25b030075f9398c8c9cbc47ca3c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8CB8 | 10004 bytes |