Malware Insights
The PDF file contains a lure for a "content plan template for website" which, upon closer inspection of the document body, links to a malicious redirector. The heuristic PDF_MALICIOUS_REDIRECTOR_LINK confirms this, identifying the URL https://ttraff.cc/pify?keyword=content+plan+template+for+website as malicious. Additionally, the PDF_SEO_LINK_FARM heuristic indicates a large number of outbound links, with the first identified as https://cdn.shopify.com/s/files/1/0450/1933/2766/files/zatevuzugesik.pdf, suggesting a link farm or distribution mechanism. No scripts were extracted from this sample.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL https://ttraff.cc/pify?keyword=content+plan+template+for+website
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000644f.bin d7fd2339c424415e66a9e77bd52395f730a981d9f89041fdef966adcc546e59f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x644F | 5088 bytes |
| font_01_sfnt_off00007589.bin f130609de0f601da3cd50c480d31c94d4fa8e941a0b4e02c73e63d3b5599af83 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7589 | 10144 bytes |
| font_02_sfnt_off0000983a.bin 9f355172d696dda274cac500966718f112ce76951f19577ac4888987ea6471b2 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x983A | 4324 bytes |