MALICIOUS
160
Risk Score
Malware Insights
MITRE ATT&CK
T1204.002 Malicious Link
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a mass external link farm, with one prominent link pointing to a known malicious redirector. The document body also contains a lure related to 'Steam slow but internet fast' and explicitly instructs the user to disable security software, indicating a social engineering attempt to bypass defenses. No scripts were extracted, but the PDF structure and embedded links are sufficient to infer malicious intent.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Security software disable instruction high SE_SECURITY_BYPASSDocument instructs the user to disable antivirus or security software — unusual for ordinary documents and high-risk in an unsolicited file
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/pify?keyword=steam++slow+but+internet+fast
- https://cdn.shopify.com/s/files/1/0428/4357/0343/files/gegofinazotem.pdf
- https://cdn.shopify.com/s/files/1/0431/5198/2754/files/poribumotosozusikerelow.pdf
- https://cdn.shopify.com/s/files/1/0429/3325/6345/files/nigexoxukavapusezelefiko.pdf
- https://cdn.shopify.com/s/files/1/0434/8110/4541/files/61473214567.pdf
- https://cdn.shopify.com/s/files/1/0429/8443/9971/files/bofikixibuvebowumakivuxem.pdf
- https://cdn.shopify.com/s/files/1/0437/5874/7800/files/sololearn_certificate.pdf
- https://static.usrfiles.com/ugd/110ef3_984085b262a242c2b54e0531374e49a0.pdf
- https://static.usrfiles.com/ugd/aa14a9_350fcfc83b7e4c8c86c79379ded5b250.pdf
- https://static.usrfiles.com/ugd/e2c250_69830e1b32fb457ebc165dcaf33561fd.pdf
- https://static.usrfiles.com/ugd/5f5755_cea0083c0dd84e588197407aaab69262.pdf
- https://static.usrfiles.com/ugd/04e6f9_b9f739ad063b42f0bf3f03aacbc41591.pdf
- https://static.usrfiles.com/ugd/4b68be_0a413a8906d6448a959771d428bc9c48.pdf
- https://static.usrfiles.com/ugd/81d6a4_c24e0c07c31045dcb6f2532f98df3832.pdf
- https://static.usrfiles.com/ugd/4ae4db_44e4cf6e666b47228f95290ff1419522.pdf
- https://static.usrfiles.com/ugd/4d548e_6d82ec1ef78448a7ac0aff84a48d9b97.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006cbf.bin292de3778e5e1706e741683682ec99417473171dc99513cd617cd47c97d43496 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6CBF | 5248 bytes |
font_01_sfnt_off00007e91.bin41ab783bf053930b85e427bf9f407add6abc5ac725820823298afe763969f429 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7E91 | 9980 bytes |
font_02_sfnt_off0000a0e6.bin2ec7b87bc56cc33d32d243ecb23d136f13b6601874843951a4ee16d7972f48d9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA0E6 | 16116 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.