MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a heuristic firing for a malicious redirector link, directing users to 'https://ttraff.me/wix?keyword=information+about+mpsc+and+upsc'. The document body, though heavily obfuscated, also contains this URL, suggesting a lure to external content. The presence of a large number of external PDF links, many pointing to Shopify domains, indicates a link farm strategy, likely to obscure the malicious redirector. No scripts were extracted from this sample.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL
- https://ttraff.me/wix?keyword=information+about+mpsc+and+upsc
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000619e.bin d32bbac83354877472ab07b1955bfae8b291160e01b6e78de455db6f8a2451be | pdf-font-stream | PDF embedded font (sfnt) at offset 0x619E | 5108 bytes |
| font_01_sfnt_off000072c5.bin 0e1ab26ecf5adbe71626e412882cc0ed2e8c5e4e691dbf75db0d03616e5e59f3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x72C5 | 10316 bytes |
| font_02_sfnt_off00009609.bin ff5f0ef16caf3e97cd1984b3a03ea88e11eab8cf63d2ee006085a4b9995833f3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9609 | 4324 bytes |