MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded URLs, identified as a link farm. One of these URLs, 'https://ttraff.link/pify?keyword=calculo+diferencial+e+integral+pearson+conamat+pdf', is flagged as a malicious redirector. The document body is heavily obfuscated but contains references to the same URL and other PDF links, suggesting a coordinated effort to distribute content or manipulate search results. No scripts were extracted, limiting the analysis of direct payload delivery.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/pify?keyword=calculo+diferencial+e+integral+pearson+conamat+pdf
- http://files.yidneyrocks.com.au/uploads/1/3/1/4/131452958/wejoni_losumomimes_potegefe.pdf
- http://files.boshuster.com/uploads/1/3/1/1/131163512/f81c3dfe5e80cf.pdf
- http://files.apg-ga.us/uploads/1/3/1/4/131406613/pesonamajivas.pdf
- http://files.gbcncin.org/uploads/1/3/1/4/131453902/xapigi_favulofozebuli.pdf
- http://xedejosul.mountmmbc.com/uploads/1/3/0/8/130814673/lozilukusal_duluruzuwaj_kajosazepubuko_negiwepijerep.pdf
- https://cdn.shopify.com/s/files/1/0431/8055/6452/files/20743955278.pdf
- https://cdn.shopify.com/s/files/1/0430/6989/8909/files/81252125574.pdf
- https://cdn.shopify.com/s/files/1/0429/0733/6857/files/85069914517.pdf
- https://cdn.shopify.com/s/files/1/0432/1977/9742/files/21291439910.pdf
- https://cdn.shopify.com/s/files/1/0432/8184/2341/files/21061832181.pdf
- https://cdn.shopify.com/s/files/1/0430/4610/9341/files/bolil.pdf
- https://cdn.shopify.com/s/files/1/0428/3380/5471/files/make_your_own_handwriting_practice_worksheets.pdf
- https://cdn.shopify.com/s/files/1/0431/5208/1053/files/69161499920.pdf
- https://cdn.shopify.com/s/files/1/0430/9558/9013/files/application_for_teacher_job_in_english.pdf
- https://cdn.shopify.com/s/files/1/0432/6660/5209/files/sfg_2_3._6_mod_apk.pdf
- https://cdn.shopify.com/s/files/1/0428/1712/6556/files/git_branch_name.pdf
- https://cdn.shopify.com/s/files/1/0431/8186/7176/files/fenaxowonalusanib.pdf
- https://cdn.shopify.com/s/files/1/0434/5053/2001/files/xatajufipariru.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000525b.bine9244cb7146c17a071eda0297e85818151d88afc9fc11d48f54d16cbd3c0a60d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x525B | 5380 bytes |
font_01_sfnt_off0000648c.bin5bf653a1986c28aac6127450e3d887eb906a8f23f03a1652dc4ae3764fa6c539 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x648C | 10244 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.