MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, many of which point to a link farm hosted on cdn.shopify.com. One critical heuristic firing indicates a direct link to a known malicious redirector at 'ttraff.ru'. The document body appears to be obfuscated or corrupted, but the presence of numerous links strongly suggests a phishing or redirection attempt. No scripts were extracted from this sample.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wb?keyword=homotopy%20analysis%20method%20in%20nonlinear%20differential%20equations%20shijun%20liao%20pdf
- http://files.karenchickfineart.com/uploads/1/3/2/7/132712355/nugasu_linofomowidofut.pdf
- http://files.wholeypiebatman.com/uploads/1/3/1/4/131437249/dofoguzakeni.pdf
- http://files.donedberg.com/uploads/1/3/1/4/131407148/598f6c25b.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/81858120772.pdf
- https://cdn.shopify.com/s/files/1/0430/9096/8729/files/258073209.pdf
- https://cdn.shopify.com/s/files/1/0438/9984/6824/files/yahoo_notepad_login.pdf
- https://cdn.shopify.com/s/files/1/0429/1526/6713/files/3835864190.pdf
- https://cdn.shopify.com/s/files/1/0433/5999/4014/files/pusunufaxejenagivex.pdf
- https://cdn.shopify.com/s/files/1/0432/7908/9824/files/53867843668.pdf
- https://cdn.shopify.com/s/files/1/0436/6876/6873/files/gipilodevenunuv.pdf
- https://cdn.shopify.com/s/files/1/0433/7496/8997/files/39605336658.pdf
- https://cdn.shopify.com/s/files/1/0433/2738/9851/files/83427267397.pdf
- https://cdn.shopify.com/s/files/1/0432/0965/4432/files/wekipukomorozugove.pdf
- https://cdn.shopify.com/s/files/1/0432/4134/1092/files/23436207802.pdf
- https://cdn.shopify.com/s/files/1/0434/6055/9013/files/xirivurikuvax.pdf
- https://cdn.shopify.com/s/files/1/0435/3212/4312/files/pafetugapuzobeso.pdf
- https://cdn.shopify.com/s/files/1/0430/9975/0560/files/rip_music_from_youtube.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000071b5.bin572414c3261cdb768be531089625829d46c134f16c9c6aaa4f7f8199c2846370 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x71B5 | 5548 bytes |
font_01_sfnt_off00008469.bin056b6f7cd2e94f6d8659f7cb0e54af2878cb5af09b5f8b65e423db174533eb2f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8469 | 10616 bytes |
font_02_sfnt_off0000a8ef.bin2c73253ca21ed5f89f2fad103dae046e306b28b88f3eacfa22178dbe970dfe77 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA8EF | 16144 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.