MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.002 Malicious Link
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'https://ttraff.ru/pify?keyword=240-+523-+3767'. Additionally, a PDF link farm heuristic indicates the presence of numerous external links, with the first identified as 'https://cdn.shopify.com/s/files/1/0438/8149/6744/files/vutuvini.pdf'. The document body, though heavily obfuscated, contains the same redirector URL, reinforcing the malicious intent. The primary goal appears to be luring the user to a malicious site.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=240-+523-+3767
- http://files.patsendangeredanimals.com/uploads/1/3/2/7/132740670/nijirar.pdf
- http://files.silverfincharts.com/uploads/1/3/1/8/131871467/e911a57d2bd.pdf
- http://files.blinkofaneyehealing.com/uploads/1/3/0/7/130738641/5218771.pdf
- https://cdn.shopify.com/s/files/1/0438/8149/6744/files/vutuvini.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/ridojunewosinojep.pdf
- https://cdn.shopify.com/s/files/1/0434/1461/8262/files/75990095233.pdf
- https://cdn.shopify.com/s/files/1/0430/8657/7828/files/ragixagoz.pdf
- https://cdn.shopify.com/s/files/1/0430/2569/4883/files/37938506330.pdf
- https://cdn.shopify.com/s/files/1/0437/3970/9589/files/zajinajubomilimene.pdf
- https://cdn.shopify.com/s/files/1/0429/0763/1783/files/manefowurepalujiz.pdf
- https://cdn.shopify.com/s/files/1/0435/7154/4225/files/11312645685.pdf
- https://cdn.shopify.com/s/files/1/0434/8323/4470/files/83091972013.pdf
- https://cdn.shopify.com/s/files/1/0428/0591/9903/files/sisezimokurawexe.pdf
- https://cdn.shopify.com/s/files/1/0433/7880/2846/files/62070994679.pdf
- https://cdn.shopify.com/s/files/1/0428/4638/8380/files/30830458508.pdf
- https://cdn.shopify.com/s/files/1/0429/0124/2022/files/meroxebezedudizatesuxobaw.pdf
- https://cdn.shopify.com/s/files/1/0430/7196/3296/files/99827680897.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000d9d4.bin751355be5ac8a164ff20cb5a50751d4d64ff0ac18d003634c2be299188fa5783 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD9D4 | 4312 bytes |
font_01_sfnt_off0000e86f.bin221aa2c4c35f2afd36caf8c057e1d135ce73e5cc02af72d641c1112013c3d8ac |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE86F | 16504 bytes |
font_02_sfnt_off00011b2e.bind1f4a20f0e35a0564be54678b929bb8c711862c507f070c2b9a6abea8daf4378 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x11B2E | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.