MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a malicious redirector link disguised as an academic probation form. The heuristic PDF_MALICIOUS_REDIRECTOR_LINK indicates that the embedded URL, https://ttraff.com/pify?keyword=laurier+academic+probation+form, leads to known malicious infrastructure. Additionally, the PDF_SEO_LINK_FARM heuristic suggests a large number of outbound links, with the first being https://cdn.shopify.com/s/files/1/0433/0687/7080/files/pitoparejiki.pdf, indicating a link farm for SEO manipulation or traffic redirection.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=laurier+academic+probation+form
- http://files.elizabethstahlpsychotherapy.com/uploads/1/3/0/7/130776504/tugevivo.pdf
- http://files.vnannj.org/uploads/1/3/1/1/131163747/muroluwog-zoduxaxoxovawa-rajufulivavuwis-virorobeziteve.pdf
- http://files.salmonslinger.com/uploads/1/3/1/1/131163643/virolesodo-mitaxofujufimar-zipiputed.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/pitoparejiki.pdf
- https://cdn.shopify.com/s/files/1/0431/1675/7153/files/gusalalemufaxo.pdf
- https://cdn.shopify.com/s/files/1/0428/5369/5647/files/vuxatowalunajavajipep.pdf
- https://cdn.shopify.com/s/files/1/0432/5831/4912/files/bamujasi.pdf
- https://cdn.shopify.com/s/files/1/0431/5539/0630/files/56749580967.pdf
- https://cdn.shopify.com/s/files/1/0428/7997/5591/files/gamidonalapadavemugegev.pdf
- https://cdn.shopify.com/s/files/1/0432/9085/3531/files/29333249595.pdf
- https://cdn.shopify.com/s/files/1/0434/0521/3847/files/59499798082.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/zadolodiwifunum.pdf
- https://cdn.shopify.com/s/files/1/0431/1829/7245/files/tinonotivajaxikutowatip.pdf
- https://cdn.shopify.com/s/files/1/0433/3246/8890/files/3979618390.pdf
- https://cdn.shopify.com/s/files/1/0435/3762/9348/files/39796739642.pdf
- https://cdn.shopify.com/s/files/1/0434/8873/9494/files/87359629745.pdf
- https://cdn.shopify.com/s/files/1/0427/5650/5756/files/87347518624.pdf
- https://cdn.shopify.com/s/files/1/0433/0445/2246/files/sezametejidadekidodad.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007ae1.binf81b10bbffee484e468d1f16526fb3b9299ff3e8c4c245c7c94d5bdcf163407f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7AE1 | 5052 bytes |
font_01_sfnt_off00008bec.bine3bf83c3814c60f77d7bd25c8d3574d27204198f0d139bb9c92c8ebfa50f6c6d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8BEC | 10876 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.