Verdict: MALICIOUS
Risk Score: 128
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.001 Malicious Link
A critical-severity heuristic fired on a clickable link to known malicious redirector infrastructure: 'https://ttraff.cc/wb?keyword=today%20dinathanthi%20newspaper%20pdf%20download'. The document body carries this URL together with a list of other URLs, most of them PDF files hosted on cdn.shopify.com, presented as download links; the small document size and the clustering of those links on one host match a generated SEO link-farm carrier rather than a normal citation pattern. A 'SE_DOWNLOAD_BUTTON' hit (a call-to-action phrase in the page text) supports the lure mechanism. No scripts were extracted from this sample, and none of the findings points to a PDF parser exploit: the risk is the user-driven redirect chain behind the links.
Heuristics (4)

| Heuristic | Severity | Rule ID | Description |
|---|---|---|---|
| PDF links to known malicious redirector infrastructure | critical | PDF_MALICIOUS_REDIRECTOR_LINK | PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability. |
| Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM | Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern. |
| Visual download / call-to-action button lure | low | SE_DOWNLOAD_BUTTON | Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow. |
| Embedded URL | info | EMBEDDED_URL | One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. |

Extracted URLs:
- https://ttraff.cc/wb?keyword=today%20dinathanthi%20newspaper%20pdf%20download
- http://files.mexitem.com/uploads/1/3/2/7/132710678/6740723.pdf
- http://files.landzmanagement.com/uploads/1/3/1/3/131379828/janez_tuwokokerixav_dipoka.pdf
- http://buwimupol.jusrydetrackclub.com/uploads/1/3/1/4/131408027/fapilenijaza-dulaj.pdf
- http://files.integratedenterprisesoftware.com/uploads/1/3/0/7/130776639/6892536.pdf
- https://cdn.shopify.com/s/files/1/0433/0940/0214/files/58055245251.pdf
- https://cdn.shopify.com/s/files/1/0430/8582/4164/files/41010905300.pdf
- https://cdn.shopify.com/s/files/1/0428/2915/2423/files/37556996173.pdf
- https://cdn.shopify.com/s/files/1/0431/6397/5835/files/d3_pin_node_double_click.pdf
- https://cdn.shopify.com/s/files/1/0434/9739/0244/files/kokupubusilevetepamu.pdf
- https://cdn.shopify.com/s/files/1/0431/1885/4306/files/80836251136.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/61259485886.pdf
- https://cdn.shopify.com/s/files/1/0438/8257/8088/files/wedomitalexa.pdf
- https://cdn.shopify.com/s/files/1/0438/3241/0272/files/how_to_untrack_files_in_git.pdf
- https://cdn.shopify.com/s/files/1/0428/3750/8252/files/zizuradovililasowagog.pdf
- https://cdn.shopify.com/s/files/1/0437/4947/4453/files/most_common_chinese_characters.pdf
The remaining six URIs are XMP/RDF namespace identifiers from the document's metadata packet, not clickable links:
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
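The three link heuristics above, reimplemented as an added example. This is not the analyzer's code: the thresholds (what counts as "small" and "many"), the redirector host list (seeded only with ttraff.cc from this report), the CTA phrase list and the constructed test PDF are all assumptions. It scans the raw file plus every FlateDecode stream it can inflate, because link annotations and page text are often inside compressed streams, and it uses the URL set reported for this sample as the test input.

```python
import re
import zlib
from collections import Counter
from urllib.parse import urlparse

# Illustrative thresholds and indicator list (assumptions, not the analyzer's values).
REDIRECTOR_HOSTS = {"ttraff.cc"}           # the only redirector host named in this report
CTA_PHRASES = ("click here to download", "download now")
LINK_FARM_MIN_LINKS = 8                     # "many" external .pdf links
LINK_FARM_MAX_SIZE = 256 * 1024             # what "small PDF" means here
LINK_FARM_CLUSTER_RATIO = 0.5               # share of .pdf links on the dominant host

STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")   # /URI (literal string)


def surfaces(pdf):
    """Yield the raw file, then every stream that inflates as zlib (FlateDecode)."""
    yield pdf
    for m in STREAM_RE.finditer(pdf):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:
            continue  # fonts, images and non-Flate streams end up here


def extract_uris(pdf):
    """Return the unique /URI action targets, in order of first appearance."""
    found = []
    for surf in surfaces(pdf):
        for m in URI_RE.finditer(surf):
            raw = re.sub(rb"\\([()\\])", rb"\1", m.group(1))  # undo PDF literal escapes
            found.append(raw.decode("latin-1"))
    return list(dict.fromkeys(found))


def evaluate(pdf):
    """Apply the link heuristics; returns [(rule_id, severity), ...]."""
    uris = extract_uris(pdf)
    hosts = [urlparse(u).hostname or "" for u in uris]
    findings = []
    if any(h in REDIRECTOR_HOSTS for h in hosts):
        findings.append(("PDF_MALICIOUS_REDIRECTOR_LINK", "critical"))
    pdf_hosts = [h for u, h in zip(uris, hosts) if urlparse(u).path.lower().endswith(".pdf")]
    if len(pdf) <= LINK_FARM_MAX_SIZE and len(pdf_hosts) >= LINK_FARM_MIN_LINKS:
        _, top = Counter(pdf_hosts).most_common(1)[0]
        if top / len(pdf_hosts) >= LINK_FARM_CLUSTER_RATIO:
            findings.append(("PDF_SEO_LINK_FARM", "critical"))
    # Caveat: text drawn with a custom-encoded embedded font will not match a plain
    # substring search; a real analyzer applies the font's ToUnicode map first.
    text = b" ".join(surfaces(pdf)).lower()
    if any(p.encode() in text for p in CTA_PHRASES):
        findings.append(("SE_DOWNLOAD_BUTTON", "low"))
    if uris:
        findings.append(("EMBEDDED_URL", "info"))
    return findings


def build_sample_pdf(urls, cta=b"Click here to download"):
    """Constructed test input (not a captured file): one page, a Flate-compressed
    content stream carrying the CTA text, and one /Link annotation per URL.
    URLs are assumed to contain no '(' ')' or backslash characters."""
    content = zlib.compress(b"BT /F1 12 Tf 72 700 Td (" + cta + b") Tj ET")
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        None,  # page object, filled in once the annotation object numbers are known
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(content) + content + b"\nendstream",
    ]
    refs = []
    for u in urls:
        objs.append(b"<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] "
                    b"/A << /S /URI /URI (" + u.encode() + b") >> >>")
        refs.append(b"%d 0 R" % len(objs))
    objs[2] = b"<< /Type /Page /Parent 2 0 R /Contents 4 0 R /Annots [" + b" ".join(refs) + b"] >>"
    out, offsets = b"%PDF-1.4\n", []
    for n, body in enumerate(objs, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % n + body + b"\nendobj\n"
    xref = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    out += b"".join(b"%010d 00000 n \n" % o for o in offsets)
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref)
    return out


# The URL set reported for this sample: one redirector link plus 15 .pdf links, 11 of them on cdn.shopify.com.
_SHOPIFY = ["0433/0940/0214/files/58055245251", "0430/8582/4164/files/41010905300",
            "0428/2915/2423/files/37556996173", "0431/6397/5835/files/d3_pin_node_double_click",
            "0434/9739/0244/files/kokupubusilevetepamu", "0431/1885/4306/files/80836251136",
            "0428/9835/8432/files/61259485886", "0438/8257/8088/files/wedomitalexa",
            "0438/3241/0272/files/how_to_untrack_files_in_git", "0428/3750/8252/files/zizuradovililasowagog",
            "0437/4947/4453/files/most_common_chinese_characters"]
SAMPLE_URLS = [
    "https://ttraff.cc/wb?keyword=today%20dinathanthi%20newspaper%20pdf%20download",
    "http://files.mexitem.com/uploads/1/3/2/7/132710678/6740723.pdf",
    "http://files.landzmanagement.com/uploads/1/3/1/3/131379828/janez_tuwokokerixav_dipoka.pdf",
    "http://buwimupol.jusrydetrackclub.com/uploads/1/3/1/4/131408027/fapilenijaza-dulaj.pdf",
    "http://files.integratedenterprisesoftware.com/uploads/1/3/0/7/130776639/6892536.pdf",
] + ["https://cdn.shopify.com/s/files/1/%s.pdf" % p for p in _SHOPIFY]
SAMPLE_PDF = build_sample_pdf(SAMPLE_URLS)

if __name__ == "__main__":
    for rule, severity in evaluate(SAMPLE_PDF):
        print(severity, rule)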
Extracted artifacts (4)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| stream_004_off00005de6.bin | 6aab71322584077289e3e95d401bd9a052fafa78e67d95c03612a1dabaa21522 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x5DE6 | 16212 bytes |
| font_00_sfnt_off00004ca8.bin | 10aabfa069703d5721f8aa6bfb73068156dd7390042d61b3b9f49e975097238a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4CA8 | 5060 bytes |
| font_02_sfnt_off0000848d.bin | c1d921fafdbd424bc50d17fa40cb8b19658d9402ec485d5c7758056e39c1ee56 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x848D | 9728 bytes |
| font_03_sfnt_off0000a5bd.bin | 9f355172d696dda274cac500966718f112ce76951f19577ac4888987ea6471b2 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA5BD | 4324 bytes |