MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains numerous embedded links, a common tactic for SEO poisoning and redirecting users to malicious sites. One critical heuristic identified a link to a known malicious redirector, ttraff.me, which is further disguised with a keyword related to educational worksheets. The document body, though heavily obfuscated, contains the same URL and other Shopify links, suggesting a coordinated effort to lure victims through seemingly benign content. No scripts were extracted, but the primary attack vector is the malicious redirection link.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=present+simple+and+past+simple+worksheets+pdf
- https://cdn.shopify.com/s/files/1/0435/3120/6808/files/historia_del_neoliberalismo_en_bolivia.pdf
- https://cdn.shopify.com/s/files/1/0431/0600/9255/files/fasewitavuxonutajo.pdf
- https://cdn.shopify.com/s/files/1/0430/3929/3593/files/missing_letters_worksheets_for_grade_1.pdf
- https://cdn.shopify.com/s/files/1/0431/7180/7391/files/nejeda.pdf
- https://cdn.shopify.com/s/files/1/0454/5898/1022/files/los_angeles_map.pdf
- https://cdn.shopify.com/s/files/1/0434/5865/8456/files/suxinadofe.pdf
- https://cdn.shopify.com/s/files/1/0433/8515/9843/files/rabifejokelitoxi.pdf
- https://cdn.shopify.com/s/files/1/0430/6095/3242/files/photo_album_background_app.pdf
- https://cdn.shopify.com/s/files/1/0437/4318/2999/files/neeraj_nachiketa_environment_and_ecology_book.pdf
- https://cdn.shopify.com/s/files/1/0430/9532/6887/files/87575984005.pdf
- https://cdn.shopify.com/s/files/1/0432/3940/7784/files/calvary_chapel_christian_school_uniform.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/40573574370.pdf
- https://cdn.shopify.com/s/files/1/0437/1765/6728/files/66515378293.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/32177526878.pdf
- https://static.usrfiles.com/ugd/510691_de72c2b854f447729fb825be4e13ebe0.pdf
- https://static.usrfiles.com/ugd/64e449_95ad0e294b1046a981ad8d2423afcaa1.pdf
- https://static.usrfiles.com/ugd/2ac701_ccc70124eac149a4b2f5ee08b56e4b93.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000655e.binfb5c205bd4f211cf361d10c27969f78c750375ab3f437af23fc40973eaa01cf8 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x655E | 5436 bytes |
font_01_sfnt_off000077bf.bin5ea2979cad1996b93a72adcb2e1c7e7888ab97a9fa4b301fdbf4ac8775f42fbe |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x77BF | 10584 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.