Verdict: MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a link farm designed to lure users with seemingly legitimate content, such as news articles. The primary malicious link, 'https://ttraff.cc/pify?keyword=malayala+manorama+news+paper+today+palakkad+edition+pdf', redirects to malicious infrastructure. The file also contains numerous other links pointing to potentially malicious PDF files hosted on various domains, suggesting a broad distribution or redirection strategy.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://ttraff.cc/pify?keyword=malayala+manorama+news+paper+today+palakkad+edition+pdf
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_004_off0000725b.bin 92fd4fe94f30f2b30cbf172e1e4e08ff9a1d272380727e9eeae95c132d2e72ac | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x725B | 8204 bytes |
| font_00_sfnt_off00005fcc.bin 840b4016ff24b4c827b545160ee5a1dcf99991244ca3ecb41a55e6628dabc16f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5FCC | 5448 bytes |
| font_02_sfnt_off00008e62.bin a4165e2b4f1119355dfce3258ed595a1fafd59ff0198218d2f2240e4239b4432 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x8E62 | 9816 bytes |