MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a mass of external links, many pointing to benign Shopify domains, but one critical link to ttraff.cc is identified as a malicious redirector. The document body, though heavily obfuscated, contains the same malicious URL and a benign-looking filename related to software programming, suggesting a lure. The primary attack vector is likely a phishing attempt to redirect users to malicious infrastructure.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wb?keyword=rslogix%205000%20programming%20pdf
- http://files.assetviewcapital.com/uploads/1/3/1/4/131408024/f4eb49e.pdf
- http://files.quickstitchplus.com/uploads/1/3/1/4/131406222/4713347.pdf
- http://files.athicketoftales.com/uploads/1/3/2/7/132710601/pekuzolavokek.pdf
- http://files.willowcreekbands.org/uploads/1/3/1/0/131069887/ceaa79b227c.pdf
- https://cdn.shopif
- https://cdn.shopify.com/s/files/1/0430/4365/1741/files/23280304943.pdf
- https://cdn.shopify.com/s/files/1/0430/9093/5969/files/sharebutton._to_google_analytics.pdf
- https://cdn.shopify.com/s/files/1/0432/3731/0626/files/fixed_assets_accounting_entries.pdf
- https://cdn.shopify.com/s/files/1/0430/8343/2096/files/23521569616.pdf
- https://cdn.shopify.com/s/files/1/0435/7256/0033/files/exploraciones_student_activities_manual_answers.pdf
- https://cdn.shopify.com/s/files/1/0429/4190/7100/files/descargar_caballo_de_troya_2_masada.pdf
- https://cdn.shopify.com/s/files/1/0429/5534/1977/files/fonuganawab.pdf
- https://cdn.shopify.com/s/files/1/0438/3604/7522/files/runulopo.pdf
- https://cdn.shopify.com/s/files/1/0430/3287/1074/files/5448029722.pdf
- https://cdn.shopify.com/s/files/1/0427/4028/5607/files/faradelirufodeladasovop.pdf
- https://cdn.shopify.com/s/files/1/0440/1692/6870/files/22743650388.pdf
- https://cdn.shopify.com/s/files/1/0435/3087/9125/files/how_to_print_labels_from_google_sheets.pdf
- https://cdn.shopify.com/s/files/1/0434/0973/5845/files/gubobakovemanejufigiveb.pdf
- https://cdn.shopify.com/s/files/1/0428/1237/5207/files/korurebixosodoxunafo.pdf
- https://cdn.shopify.com/s/files/1/0436/4930/2693/files/wujinimupaxi.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006a9e.bin3859adb86a278dfb27204daeab30cabe8e7e6c03b8e4f73adc6e7ccf1f3a83fa |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6A9E | 5704 bytes |
font_01_sfnt_off00007dfe.bin8f1c607182b7679a9be082a8c3976055551dccf09fca8c5a61c55ea30bb56310 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7DFE | 10084 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.