MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.club/pify?keyword=chloroform+water+miscibility'. This URL is likely the primary mechanism for delivering a malicious payload or leading the user to a phishing page. The document also contains a large number of embedded links, many of which point to benign Shopify URLs, suggesting a link farm or SEO poisoning tactic. No scripts were extracted from this sample.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.club/pify?keyword=chloroform+water+miscibility
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000fcf0.bin e372b72275a5be51254aef29237819e264f8666627f7fcebc053501b44a96939 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFCF0 | 6492 bytes |
| font_01_sfnt_off00010d24.bin 63911deb8b66277d2db827e69feb87780ca77fe2daf116a42a3eb60888f9d5a4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10D24 | 5360 bytes |
| font_02_sfnt_off00011f43.bin 4e89617015932d0298c5f09913978d1d8664a1f1cd299e9af50ba3085631eb7e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11F43 | 16340 bytes |