MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a link that redirects to a known malicious infrastructure, indicated by the PDF_MALICIOUS_REDIRECTOR_LINK heuristic. The document body, though heavily obfuscated, contains text related to a '2016 super duty towing guide' and the URL itself, suggesting a lure to trick users into clicking the malicious link. The PDF also contains a large number of external links, as flagged by PDF_SEO_LINK_FARM, which are likely part of a link farm to improve SEO for malicious content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=2016+super+duty+towing+guide
- https://cdn.shopify.com/s/files/1/0433/4229/9295/files/portfolio_booklet_template_free.pdf
- https://cdn.shopify.com/s/files/1/0430/0367/4785/files/41987660163.pdf
- https://cdn.shopify.com/s/files/1/0435/4965/5203/files/gmail_passwort_auslesen_android.pdf
- https://cdn.shopify.com/s/files/1/0434/7048/7702/files/your_lie_in_april_live_wallpaper_android.pdf
- https://cdn.shopify.com/s/files/1/0428/0965/5462/files/easily_bendable_metal_sheets.pdf
- https://static.usrfiles.com/ugd/63d3ad_c8b9b0bdc54f440985a30768aba30d29.pdf
- https://static.usrfiles.com/ugd/b8c837_6ebaa75bf0de41ca8c478a6c151162ff.pdf
- https://static.usrfiles.com/ugd/dfb5f8_91abd8c7aa854160b467f193899c545c.pdf
- https://static.usrfiles.com/ugd/7c3584_8377c28ffc6345a7a323c4d9fc909233.pdf
- https://static.usrfiles.com/ugd/3d0627_49806aa55898439aaf81c2fd52102bec.pdf
- https://static.usrfiles.com/ugd/b8c837_51de7105e05e4e798e6da468956b3eb4.pdf
- https://static.usrfiles.com/ugd/f09a9d_1cc4d2d0a1c740999e96d25a0a8be054.pdf
- https://static.usrfiles.com/ugd/b8c837_30b21e8df89f4237b293259c0d393f57.pdf
- https://static.usrfiles.com/ugd/c836c3_8c647fb2ef7d4713aea8e6139297eee3.pdf
- https://static.usrfiles.com/ugd/eb6612_23fce63f19cc4ea593810a3b4056c283.pdf
- https://static.usrfiles.com/ugd/90c678_832ed16cabd845bf906e792ee301dd8c.pdf
- https://static.usrfiles.com/ugd/3ab5ed_e256e7ed9a0b478aa7916291ba84c4c3.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_005_off0000a210.bin0268b07c3caccad8efdcf428621d0af73bf55a29c38a4a4386d6d5e52d6ede51 |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xA210 | 17576 bytes |
font_00_sfnt_off00006c76.binc9e5b319f2d6240359a6dbcd8633c7814bff2968ba7e15fa9512f4e876e51783 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6C76 | 5464 bytes |
font_01_sfnt_off00007f40.bin69b48724eb8a95ad196a70043b041ee1c3ad84f66079851bb9a9d2a83c7a8d7f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7F40 | 10108 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.