Verdict: MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.001 PowerShell
The PDF file exhibits characteristics of a link farm, with a high volume of embedded URLs pointing to external PDF documents. One of these URLs, 'https://ttraff.com/wix?keyword=akrotiri+santorini+guided+tours', is flagged as a malicious redirector. The document body contains garbled text alongside the malicious URL and other benign-looking Shopify URLs, suggesting an attempt to disguise the malicious intent. The primary attack pattern appears to be SEO manipulation or a lure to potentially malicious content hosted on external sites.
Heuristics 3
- PDF links to known malicious redirector infrastructure (severity: critical, rule: PDF_MALICIOUS_REDIRECTOR_LINK). PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (severity: critical, rule: PDF_SEO_LINK_FARM). Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (severity: info, rule: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL: https://ttraff.com/wix?keyword=akrotiri+santorini+guided+tours
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000063e5.bin 1da6b5e3f800e2117fd01239b3dccbb0d207e8e7572f8419d62c3b3d64240ba3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x63E5 | 5016 bytes |
| font_01_sfnt_off00007509.bin 0b8ee2a63bec054458aabc94608387f90f1291f688105b32bf03da816e2b0f38 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7509 | 10164 bytes |
| font_02_sfnt_off000097ee.bin 0985fae96dd415cf4f9b86d26e26dae7a1fa2544e3460352975b8bb4836d3972 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x97EE | 17388 bytes |