MALICIOUS
108
Risk Score
Malware Insights
MITRE ATT&CK
T1204.002 Malicious Link
T1059.003 Windows Command Shell
The PDF contains a link to a known malicious redirector, indicating an attempt to deliver a payload. The document also explicitly instructs the user to copy and paste content into a shell, a common social engineering tactic to execute commands. The presence of a download lure further supports this malicious workflow.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Clipboard command execution lure high SE_CLIPBOARD_COMMAND_LUREDocument tells the user to copy or paste clipboard content into Run, PowerShell, cmd, or another shell-like execution context
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=dts+studio+sound+apk+download
- http://files.colleenclement.com/uploads/1/3/0/9/130969850/xosavakesusariv.pdf
- http://files.noroydesign.com/uploads/1/3/1/8/131856306/deb16ffdd8.pdf
- http://files.tiactraining.com/uploads/1/3/0/7/130775544/vuvoroxuxugose.pdf
- http://files.upcycledonline.com/uploads/1/3/1/4/131453045/a9c5d069b.pdf
- https://tevozuvegit.files.wordpress.com/2020/07/petavuretutagalimimub.pdf
- https://susudamasot.files.wordpress.com/2020/07/44213156445.pdf
- https://mugitemos.files.wordpress.com/2020/06/50986567725.pdf
- https://suzoxafa.files.wordpress.com/2020/07/xulimodujab.pdf
- https://likulorasix.files.wordpress.com/2020/06/vizoridipitukov.pdf
- https://kexizof.files.wordpress.com/2020/07/kujifek.pdf
- https://cdn.shopify.com/s/files/1/0430/8992/0154/files/sobewubovugipij.pdf
- https://cdn.shopify.com/s/files/1/0432/6467/1909/files/30057883820.pdf
- https://cdn.shopify.com/s/files/1/0428/1407/9143/files/jexelizimawupevafipari.pdf
- https://cdn.shopify.com/s/files/1/0431/8255/5297/files/vininiwipufokilukavuraw.pdf
- https://cdn.shopify.com/s/files/1/0435/2340/8032/files/13916572297.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/3218030698.pdf
- https://cdn.shopify.com/s/files/1/0430/9113/2567/files/90394291747.pdf
- https://cdn.shopify.com/s/files/1/0428/4484/8295/files/resopifazigukejadotiw.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0003d136.bin14674985286672f482d3a37c66fc0e827acfead5832edd5d1ede84cd5f306b1e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x3D136 | 4352 bytes |
font_01_sfnt_off0003e073.bina3f1846f31b6012540123cfa60636b5009e915217199c393add272491ee1eee7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x3E073 | 4776 bytes |
font_02_sfnt_off0003f0c1.binbc8d9d22a853efca7efbd2a8b5c3b83f569c17a70e3529c360fb4fb0a2b8586e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x3F0C1 | 2100 bytes |
font_03_sfnt_off0003fa8a.bine83191797c6fbf77ff8f91956c37e8859e5192a03732da5e6bd9505009426a70 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x3FA8A | 19500 bytes |
font_04_sfnt_off000435b5.bincb17f4ba712d69e81417213b8486e9a501e96bd1c7b1be5c04b9cc5a02387445 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x435B5 | 17752 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.