MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a significant number of embedded links, with one heuristic identifying it as a PDF SEO link farm and another flagging a link to a known malicious redirector. The document body is heavily obfuscated and appears to contain metadata rather than user-facing content. The primary attack pattern involves luring users through a large number of links, potentially to malicious sites or for SEO manipulation.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wb?keyword=fractal%20ax8%20edit%20manual
- http://files.thehatstore.us/uploads/1/3/1/4/131482950/rabilejifupozamuj.pdf
- http://files.edwardmoak.com/uploads/1/3/1/3/131380627/6080940.pdf
- http://files.godancedynamics.com/uploads/1/3/2/8/132814990/8b930b.pdf
- http://files.hammerheadfleet.com/uploads/1/3/1/1/131164024/gojidovijudaxiz.pdf
- http://files.geekandgamercounseling.com/uploads/1/3/1/8/131857112/pexuja-zidugiwefaf-zigitezowuxef.pdf
- http://files.edwardmoak.com/upl
- https://cdn.shopify.com/s/files/1/0434/6803/0102/files/22414067915.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/87664315042.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/zenafepejeviwasi.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/25781613666.pdf
- https://cdn.shopify.com/s/files/1/0429/7375/7603/files/72485182553.pdf
- https://vibenalatof.files.wordpress.com/2020/07/bapisuriwabekodibejod.pdf
- https://lujuvopi.files.wordpress.com/2020/06/57925836822.pdf
- https://womitoguv321508366.files.wordpress.com/2020/06/fukixapalo.pdf
- https://bukusuj.files.wordpress.com/2020/06/bulalazebonotilupiropixan.pdf
- https://jarojadum.files.wordpress.com/2020/07/80662700341.pdf
- https://cdn.shopify.com/s/files/1/0431/5086/8646/files/mabir.pdf
- https://cdn.shopify.com/s/files/1/0427/9956/2911/files/koxixig.pdf
- https://cdn.shopify.com/s/files/1/0431/7220/0608/files/kasusapijuwisoto.pdf
- https://cdn.shopify.com/s/files/1/0431/1390/6327/files/34936273836.pdf
- https://cdn.shopify.com/s/files/1/0431/0925/3282/files/wexelubakeviwixejub.pdf
- https://cdn.shopify.com/s/files/1/0434/0934/2621/files/20534641175.pdf
- https://cdn.shopify.com/s/files/1/0433/9780/8285/files/woputapejasazewimal.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000070b9.bincfabdf807f7318675ab7a416214b253f92b0e16c92779be917419419bcd34da3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x70B9 | 4896 bytes |
font_01_sfnt_off0000813e.bin94076eef59a9e68114ee32abf90cbec57e7c31081131cdcd81d65d8599ca0340 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x813E | 12536 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.