MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a deceptive title "Namaz ka tarika pdf in urdu" to entice users. It embeds multiple links, with one critical heuristic identifying a link to a known malicious redirector at `ttraff.ru`. This redirector is likely used to funnel victims to further malicious content. The file also contains a large number of embedded links, many pointing to Shopify, which is characteristic of SEO link farm abuse.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=namaz+ka+tarika+pdf+in+urdu
- http://files.seychellesbirdrecordscommittee.com/uploads/1/3/1/3/131379183/3769002.pdf
- http://files.surrenderedtochrist.org/uploads/1/3/2/6/132681656/wulegi.pdf
- http://files.shippensburghistoricalsociety.org/uploads/1/3/2/6/132683137/6133606.pdf
- https://cdn.shopify.com/s/files/1/0430/8510/3255/files/45534116593.pdf
- https://cdn.shopify.com/s/files/1/0432/5595/5619/files/winefuwazawoje.pdf
- https://cdn.shopify.com/s/files/1/0431/6741/6488/files/79257371661.pdf
- https://cdn.shopify.com/s/files/1/0430/8752/8103/files/7314249457.pdf
- https://cdn.shopify.com/s/files/1/0434/6285/2761/files/dejunukumawovilaledite.pdf
- https://cdn.shopify.com/s/files/1/0436/4782/8133/files/56890790625.pdf
- https://cdn.shopify.com/s/files/1/0432/7469/8912/files/lagumanulekevugarumig.pdf
- https://cdn.shopify.com/s/files/1/0429/1959/2099/files/65819208078.pdf
- https://cdn.shopify.com/s/files/1/0429/5180/3039/files/28139144725.pdf
- https://cdn.shopify.com/s/files/1/0431/4021/9041/files/25229550995.pdf
- https://cdn.shopify.com/s/files/1/0429/1916/6105/files/84559023717.pdf
- https://cdn.shopify.com/s/files/1/0432/9832/4638/files/rofiriraze.pdf
- https://cdn.shopify.com/s/files/1/0436/9140/9558/files/58647979695.pdf
- https://cdn.shopify.com/s/files/1/0438/1717/3149/files/34988921231.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_006_off0000aa1b.bin64a8fc966cf70f488ba67ef9f0baa0b2ec04701be385d10bef26360ac34b1874 |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xAA1B | 25692 bytes |
font_00_sfnt_off00006b71.bin6fac1f39b5ebb4c599a0ee00f7c70a8f046ad6eaf5dc2be6a263a7496ae67467 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6B71 | 3312 bytes |
font_01_sfnt_off0000773b.bindd2dd14c154c40522fce38cf443a783db407b87ed0e438e60a53574610fc8ba9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x773B | 4712 bytes |
font_02_sfnt_off00008723.bin76a41aca69045b31d8816c4f42833f7c5545ed433f1a250ad70517374ff17ce2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8723 | 10240 bytes |
font_04_sfnt_off0000d7a2.bin0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD7A2 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.