MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF document was identified as malicious due to the presence of numerous embedded links, a technique often used in SEO link farms to distribute malicious content. The primary malicious URL identified is https://ttraff.com/pify?keyword=approaches+to+curriculum+evaluation+pdf, which is flagged as a known malicious redirector. While the document body contains garbled text, the heuristics clearly indicate a link farm strategy, suggesting the PDF's purpose is to lure users to potentially harmful websites.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=approaches+to+curriculum+evaluation+pdf
- https://static.usrfiles.com/ugd/e3834b_b9a94435b2e841e8b71dbdac8d1cc620.pdf
- https://static.usrfiles.com/ugd/5899d5_cd407306f93d4932945e25b1361c8338.pdf
- https://static.usrfiles.com/ugd/e3ff21_be163fa289ab4943b90deb054df5823b.pdf
- https://static.usrfiles.com/ugd/63022f_4d2004a2b1dc41f38b7b27af97ce23f9.pdf
- https://static.usrfiles.com/ugd/b8c837_b2f3e755c7684819adf616f6772488ab.pdf
- https://static.usrfiles.com/ugd/b8c837_bd77a079ee7842eea880f24a64805ce4.pdf
- https://static.usrfiles.com/ugd/cac9e4_7ace09ea88794448b7cdd3f543ee00c3.pdf
- https://cdn.shopify.com/s/files/1/0428/0349/5071/files/wilomisexukudibuv.pdf
- https://cdn.shopify.com/s/files/1/0429/2263/9527/files/tilogugijasemitakawe.pdf
- https://cdn.shopify.com/s/files/1/0429/7608/4117/files/generals_io_strategy.pdf
- https://cdn.shopify.com/s/files/1/0462/7719/7984/files/recrutement_alternance_informatique_ile_de_france.pdf
- https://cdn.shopify.com/s/files/1/0430/5915/1009/files/ambarsariya_full_movie_moviescounter.pdf
- https://static.usrfiles.com/ugd/b8c837_72020fa966ed421cae4e09872c55cac4.pdf
- https://static.usrfiles.com/ugd/ce5d00_41016b44a7e44302924b34032cc0bd66.pdf
- https://static.usrfiles.com/ugd/8de238_347caab4dac2413c95b3c218992c10ce.pdf
- https://static.usrfiles.com/ugd/48d9a1_f4f467895f14447497f40fc6729e1df9.pdf
- https://static.usrfiles.com/ugd/6116da_c32a8ef3ac9b4762b16e3dd6d1f25949.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000537d.bind268a28d1a51cb7ba4fd088f16872ad9ae5d2b8a2284bf57657c241c34c73c0f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x537D | 3776 bytes |
font_01_sfnt_off000060e5.binfd482e4f99b55e400c6459cdfee001d251770af277c6ae2237d0171662e66b32 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x60E5 | 5444 bytes |
font_02_sfnt_off00007343.bin339b458b1d4f6eff3850a1e8f4dd71f9729025d9fa22df506584e0368f93027a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7343 | 10212 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.