MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of external links, a technique often used in SEO link farms to manipulate search engine rankings. One of these links, 'https://ttraff.cc/wix?keyword=os+professores+e+sua+forma%25C3%25A7%25C3%25A3o+antonio+novoa+livro', is identified as a known malicious redirector. The document body itself appears to be garbled text related to a book title, likely a lure. No scripts were extracted from this sample.
Heuristics 3
- PDF links to known malicious redirector infrastructure | critical | PDF_MALICIOUS_REDIRECTOR_LINK: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL | info | EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL: https://ttraff.cc/wix?keyword=os+professores+e+sua+forma%25C3%25A7%25C3%25A3o+antonio+novoa+livro
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00004d90.bin d0e4796756c5f73261c9ecfd09ec9aadf0f3a7ad4f8c8f5f1b04a157fcbe3233 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4D90 | 5516 bytes |
| font_01_sfnt_off00005fae.bin 18e4060460f5258ecc11f9ffad9f83c7d98dd590f4ea525c9e71e605b26e47af | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5FAE | 11508 bytes |
| font_02_sfnt_off000082be.bin 05d2457133b820fa77aa358e30e9acfbad3f04c46ced9a37296d9311117db176 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x82BE | 4324 bytes |