MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a high number of embedded links, many of which point to a redirector service (ttraff.cc) that is flagged as malicious. The document body, though heavily obfuscated, contains the URL that is also present in the heuristics, suggesting a lure to download further content or redirect to a malicious site. The presence of numerous links, including those hosted on Shopify, indicates an attempt to create a link farm for SEO poisoning or to disguise malicious links among benign ones.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=ankle+sprain+home+exercise+program+pdf
- http://files.markvillemassage.com/uploads/1/3/1/4/131437139/zafotozez.pdf
- http://files.growwithmehomechildcare.com/uploads/1/3/1/4/131406744/finigan_xaputovatixabi_fiwexo.pdf
- http://files.ontherun.us/uploads/1/3/1/6/131606109/b5296ce51c34d54.pdf
- http://files.profe-h.com/uploads/1/3/1/8/131857758/nasitonunif.pdf
- https://cdn.shopify.com/s/files/1/0428/0057/8723/files/chronicle_of_a_death_foretold_full_text.pdf
- https://cdn.shopify.com/s/files/1/0438/5511/8501/files/54116645213.pdf
- https://cdn.shopify.com/s/files/1/0431/2052/5476/files/zafovefuvib.pdf
- https://cdn.shopify.com/s/files/1/0432/0185/5646/files/91228228587.pdf
- https://cdn.shopify.com/s/files/1/0429/2208/2460/files/123156922.pdf
- https://cdn.shopify.com/s/files/1/0433/5131/0488/files/4018217028.pdf
- https://cdn.shopify.com/s/files/1/0431/2704/6298/files/82243304018.pdf
- https://cdn.shopify.com/s/files/1/0429/9833/3599/files/bissell_proheat_2x_pet_manual.pdf
- https://cdn.shopify.com/s/files/1/0432/7460/0598/files/33997886950.pdf
- https://cdn.shopify.com/s/files/1/0436/8603/5621/files/shakespearean_sonnets.pdf
- https://cdn.shopify.com/s/files/1/0432/3550/8387/files/dupabebakudaz.pdf
- https://cdn.shopify.com/s/files/1/0437/1218/4474/files/87202924055.pdf
- https://cdn.shopify.com/s/files/1/0436/5543/0302/files/16511156354.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000074cb.bind212c44ad049106ea12877ce4fe6f45169053195af521c2064ce51e78edfb048 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x74CB | 5688 bytes |
font_01_sfnt_off0000880a.bin6d41e9f9ac41d44f29074af9aea8e8a6ef5768da91dc3f257662f07b30df6b63 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x880A | 10484 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.