MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.002 Malicious Link
The PDF file contains multiple embedded links, with a critical heuristic firing indicating a link to known malicious redirector infrastructure. The document body, though partially corrupted, contains text related to a project report and a URL that appears to be part of a SEO spam or phishing lure. The presence of numerous external PDF links further suggests a link farm or distribution mechanism. No scripts were extracted from this sample.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wb?keyword=self%20curing%20concrete%20project%20report%20pdf
- http://files.vbtouray.com/uploads/1/3/1/8/131871730/vimegunebasuleropev.pdf
- http://files.tt-lt-support-network.com/uploads/1/3/2/8/132814958/9447910.pdf
- http://files.carolthomson.com/uploads/1/3/1/4/131437504/887564.pdf
- http://files.gandecollective.com/uploads/1/3/1/4/131406344/12a18f469.pdf
- https://cdn.shopify.com/s/files/1/0439/1760/7067/files/c_infinity_v_character_table.pdf
- https://cdn.shopify.com/s/files/1/0433/3063/3881/files/florida_snake_identification.pdf
- https://cdn.shopify.com/s/files/1/0432/6473/7448/files/20721724876.pdf
- https://cdn.shopify.com/s/files/1/0433/0458/3318/files/52309141618.pdf
- https://cdn.shopify.com/s/files/1/0430/9847/2605/files/polycab_armoured_cable_price_list_2020.pdf
- https://cdn.shopify.com/s/files/1/0432/8167/8494/files/7897219483.pdf
- https://cdn.shopify.com/s/files/1/0428/6277/2380/files/20967696436.pdf
- https://cdn.shopify.com/s/files/1/0435/1436/4059/files/kekubifovajemoxumiza.pdf
- https://cdn.shopify.com/s/files/1/0434/5957/5958/files/monster_hunter_ps2.pdf
- https://cdn.shopify.com/s/files/1/0430/5689/0013/files/kopupabepenabima.pdf
- https://cdn.shopify.com/s/files/1/0432/8279/2606/files/75453298119.pdf
- https://cdn.shopify.com/s/files/1/0436/2420/2403/files/mail_merge_adobe.pdf
- https://cdn.shopify.com/s/files/1/0432/8253/0472/files/75388011921.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ff28.bin6b3a9affc964e13a70728a6e85997f5aa4482e4dcdb794daa69f83e158b85ad7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFF28 | 5116 bytes |
font_01_sfnt_off000110a0.bin13a166c1b02f50635828ab4002f99db41352f0be6b3a8bca5b65fc73b6ea340f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x110A0 | 29308 bytes |
font_02_sfnt_off000142ac.binb5a4f801aa2d3950a54d179b680f529a60c8f35ad6bd0ecb3bd41ae16223f0e6 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x142AC | 11360 bytes |
font_03_sfnt_off00016b0e.bine2c2678d29cb891bfb86cac43c998891034d94d06eb24edf2f1d6c815ba0544c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x16B0E | 14364 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.