MALICIOUS
Risk Score: 160
Malware Insights
MITRE ATT&CK
T1204.002 Malicious File
T1566.002 Spearphishing Attachment
The PDF contains a mass external link farm, with one URL pointing to known malicious redirector infrastructure. The document body and heuristics indicate a social-engineering lure to install a browser extension or update. This suggests the PDF is a delivery mechanism for further malicious activity, potentially leading to credential theft or malware download.
Heuristics 4
- PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Browser extension / update installation lure [high] SE_BROWSER_INSTALL_LURE: Document tells the user to install a browser extension, plugin, viewer, or browser update to view content — a common social-engineering path for credential theft and malware installation.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.com/pify?keyword=aloha+browser+pc
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006d2b.bin 725883c3c2a2f1a2812066da8de4a5c1db91788006673c015b1698bab4bca5b3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6D2B | 5240 bytes |
| font_01_sfnt_off00007efe.bin 953da2a52d47a7511df70ac9e2bfa27c9b2c9c83997a120c944c1cdce221ad8c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7EFE | 2052 bytes |
| font_02_sfnt_off000087b1.bin 91c920362d289362546430eb49773ebb4162917e2745abc2a3e4a7b55bafab5a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x87B1 | 14924 bytes |
| font_03_sfnt_off0000b0cd.bin 87d01c46bd2eb200c7b335e00b3c65b697079fe094a8f7d7e81f27d38326463c | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB0CD | 16488 bytes |