MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, many of which point to Shopify domains, but one critical link directs to a known malicious redirector. The document body, though heavily obfuscated, contains the text 'Brahman status video' and the malicious URL, suggesting a lure to a scam or phishing page. No scripts were extracted from this sample.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.cc/wix?keyword=brahman+status+video
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00008bd3.bin 2405a5eb0e83c3953b24453037f26d9e44bd316d961f333797cbf3b94bee9aed | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8BD3 | 5140 bytes |
| font_01_sfnt_off00009d1d.bin ad05f2c3bbd3509ec28b6b8e20611fade4d5931e6df60c794230420ad3fde238 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9D1D | 31924 bytes |
| font_02_sfnt_off0000f936.bin 277abdca7c13e9657e126d6ce14f76f017bfc3431dc2a5a3fb4f2e7098fcf8bc | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF936 | 15084 bytes |
| font_03_sfnt_off00012824.bin 1879cb427d981ff2842f4525e5923e1260671cbe2eda17611c1e80cafefed8ad | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12824 | 18548 bytes |
| font_04_sfnt_off000143b3.bin 7e80d6843790fd0f78f0df6320742cd9e096ea5ed25d84097a3519299be17cb5 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x143B3 | 10552 bytes |