MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.cc/pify?keyword=wifi+deauther+apk'. Additionally, it exhibits characteristics of a PDF SEO link farm, embedding numerous external links, many of which point to Shopify-hosted PDFs. The document body, though heavily obfuscated, contains the same redirector URL. This suggests the primary intent is to redirect users to malicious content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=wifi+deauther+apk
- http://sozivi.lemonsqueezykb.co.uk/uploads/1/3/0/9/130969130/8398351.pdf
- http://fudonow.spectrumliving.co.uk/uploads/1/3/1/0/131070767/kiketufojakad.pdf
- http://wodim.papayabranchboutique.com/uploads/1/3/1/1/131164278/229440.pdf
- http://zitaju.syrphc.com/uploads/1/3/1/3/131398140/9944902.pdf
- https://cdn.shopify.com/s/files/1/0437/6562/9077/files/grade_12_general_chemistry_curriculum_guide.pdf
- https://cdn.shopify.com/s/files/1/0435/3196/0474/files/41596852388.pdf
- https://cdn.shopify.com/s/files/1/0430/6649/1042/files/22879807274.pdf
- https://cdn.shopify.com/s/files/1/0431/3179/7668/files/bevuwulafexabewapokot.pdf
- https://cdn.shopify.com/s/files/1/0437/6569/4613/files/acvim_2020_schedule.pdf
- https://cdn.shopify.com/s/files/1/0429/3754/8959/files/21761584986.pdf
- https://cdn.shopify.com/s/files/1/0431/5276/9192/files/dekarepuwozewiz.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/tefukina.pdf
- https://cdn.shopify.com/s/files/1/0431/5057/3719/files/81635181096.pdf
- https://cdn.shopify.com/s/files/1/0430/6750/6841/files/potentilla_anserina.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006eae.bin3d4760ca295192c89086870ebbac49c5a5945404ea6ab57fca452cf2db5f569a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6EAE | 6440 bytes |
font_01_sfnt_off00007ea2.bin737bb5e356f9282233bebeb8bfb9a55817f0f09ca42212454ee4b71205d1a191 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7EA2 | 4996 bytes |
font_02_sfnt_off00008fa1.binf01686cd179070968791d3fa95f5b46fcf2c4f579fd29c4735c76d6c4eeeecc0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8FA1 | 7280 bytes |
font_03_sfnt_off0000a7ca.bin0f03d3c64f14d5fe9ef3507af7920ce4f922bb731cdeb52a13076a93494dd596 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA7CA | 10884 bytes |
font_04_sfnt_off0000cd3b.binad5515fdf36a3b17eda65804c51f57361653501d472617c07a4e833100bd1d21 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xCD3B | 17180 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.