MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains numerous embedded links, a technique commonly used for SEO poisoning and phishing. One critical heuristic identified a malicious redirector link, and another flagged a large number of external PDF links, suggesting a link farm. The document body, though heavily obfuscated, contains a URL that appears to be part of this malicious infrastructure. The primary intent seems to be directing users to potentially harmful websites through deceptive content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=chimpanzee+politics+book+pdf
- http://mujunekow.jeannehenry.com/uploads/1/3/0/7/130775934/6163813.pdf
- http://naliror.rainforestab.ca/uploads/1/3/0/8/130814328/wazira_pagutenadoser_buzexawakajode.pdf
- http://sijorex.mishagray.com/uploads/1/3/1/6/131637016/baxef-dewojilezak.pdf
- http://files.openroads.org/uploads/1/3/1/4/131406797/5536f40e561a78.pdf
- http://gositovol.culhamafterschool.com/uploads/1/3/1/0/131070227/lebebedar.pdf
- https://cdn.shopify.com/s/files/1/0430/7858/2439/files/87588302322.pdf
- https://cdn.shopify.com/s/files/1/0431/4021/9037/files/vesokir.pdf
- https://cdn.shopify.com/s/files/1/0444/5965/5335/files/bomuwugira.pdf
- https://cdn.shopify.com/s/files/1/0435/0646/6975/files/bladder_incontinence_icd_10.pdf
- https://cdn.shopify.com/s/files/1/0429/0271/6572/files/29014368081.pdf
- https://f6f02750-c5fa-4393-a03d-2bb367aab60f.filesusr.com/ugd/d1d005_099af079ef5d44a3ac1de95b2b9a5588.pdf?index=true
- https://345bdd64-550e-4c28-8f34-613d94c39693.filesusr.com/ugd/9734e7_1c6f5e50cb174c0581510878e320cd13.pdf?index=true
- https://cdn.shopify.com/s/files/1/0428/8151/5673/files/nasoviporegimopidolibef.pdf
- https://cdn.shopify.com/s/files/1/0431/1996/8417/files/great_expectations_study_guide.pdf
- https://cdn.shopify.com/s/files/1/0431/3756/4839/files/nice_guidelines_sepsis_neonatal.pdf
- https://cdn.shopify.com/s/files/1/0433/7824/5781/files/xslt_xml_to_json.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000068bc.bin642ef319b7939012ef1e7b79044658d4ef0cc882eca81e535e969ab9bbe2c30b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x68BC | 5456 bytes |
font_01_sfnt_off00007b21.bine1752baab4ab312f57365e9337c930bd30f2dfd38c2074535eb63041959c53c4 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7B21 | 10244 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.