MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a critical heuristic firing for a malicious redirector link, specifically pointing to 'ttraff.com'. This indicates an attempt to redirect the user to a malicious site, likely for phishing or malware distribution. The document body, though heavily obfuscated, contains text related to 'Barbie doll clothes patterns pdf', serving as a lure. The presence of numerous other PDF links, many hosted on Shopify, suggests a link farm or SEO poisoning tactic to increase visibility.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=barbie+doll+clothes+patterns+pdf
- http://files.ambassadorsofnature.com/uploads/1/3/0/7/130775150/fogiladubejusiz-fimajigoga-doxofufabixile.pdf
- http://files.harrisburghigh.org/uploads/1/3/1/3/131379371/d7ff44.pdf
- http://files.cjlfastpitch.com/uploads/1/3/1/4/131483336/76e3a544d7c36f.pdf
- http://files.wastelessjewelryandcompany.com/uploads/1/3/0/9/130969408/9094262.pdf
- https://cdn.shopify.com/s/files/1/0431/9569/5268/files/lelaworurejetugewi.pdf
- https://cdn.shopify.com/s/files/1/0430/6462/3265/files/49481566767.pdf
- https://cdn.shopify.com/s/files/1/0434/5882/2296/files/lesibevozaxevesigewuxupi.pdf
- https://cdn.shopify.com/s/files/1/0435/5594/6645/files/58538399722.pdf
- https://cdn.shopify.com/s/files/1/0435/1826/3464/files/vogeso.pdf
- https://cdn.shopify.com/s/files/1/0430/3945/7431/files/62052248415.pdf
- https://cdn.shopify.com/s/files/1/0438/1786/1277/files/66701833007.pdf
- https://cdn.shopify.com/s/files/1/0431/2514/5754/files/55168978864.pdf
- https://cdn.shopify.com/s/files/1/0430/7140/6237/files/36691103155.pdf
- https://cdn.shopify.com/s/files/1/0434/4895/9141/files/voruxetupunow.pdf
- https://cdn.shopify.com/s/files/1/0433/0697/5382/files/45599252484.pdf
- https://cdn.shopify.com/s/files/1/0435/8239/0435/files/90742611878.pdf
- https://cdn.shopify.com/s/files/1/0431/1659/3312/files/jomotofefapevipexef.pdf
- https://cdn.shopify.com/s/files/1/0429/7896/7703/files/23980471308.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://cdn.shopify.com/s/files/1/0435/5594
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000071fa.bin5a08eb2e51e24fb7cec5959be048a4fd8e613c49e648eac6d356621c41b1dbf0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x71FA | 5220 bytes |
font_01_sfnt_off0000839f.bin540a3e9904995823f3a2c2a7ad76d91cd5ebeceb814c458005410044e5be97d2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x839F | 10348 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.