MALICIOUS
160
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'https://ttraff.me/wix?keyword=chukar+mere+man+ko+song++bestwap'. Additionally, it exhibits a PDF link farm heuristic, with many links pointing to Shopify domains, one of which is 'https://cdn.shopify.com/s/files/1/0434/0629,5196/files/nasm_manual.pdf'. The 'SE_PASSWORD_ARCHIVE_LURE' heuristic indicates the document likely instructs the user to open a password-protected archive, a common tactic to bypass gateway security. No scripts were extracted from this sample.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Password-protected archive handoff high SE_PASSWORD_ARCHIVE_LUREDocument gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=chukar+mere+man+ko+song++bestwap
- https://cdn.shopify.com/s/files/1/0434/0629/5196/files/nasm_manual.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/fasexerogetotano.pdf
- https://cdn.shopify.com/s/files/1/0431/2776/7206/files/sakozo.pdf
- https://cdn.shopify.com/s/files/1/0428/0179/1132/files/assumptions_of_cardinal_utility_approach.pdf
- https://cdn.shopify.com/s/files/1/0462/2018/1658/files/tabenidewazuwevetosupa.pdf
- https://cdn.shopify.com/s/files/1/0430/8752/8103/files/livro_associativismo.pdf
- https://cdn.shopify.com/s/files/1/0437/4655/8113/files/kurom.pdf
- https://cdn.shopify.com/s/files/1/0427/7927/9527/files/vomat.pdf
- https://cdn.shopify.com/s/files/1/0439/2147/3691/files/9912008598.pdf
- https://cdn.shopify.com/s/files/1/0433/4501/9045/files/31792336646.pdf
- https://static.usrfiles.com/ugd/d01287_a7dcfc8ca07b4d0dbf8890a94293d7cb.pdf
- https://static.usrfiles.com/ugd/3e9e83_715735306c49474e8c20bec6969bf6b9.pdf
- https://static.usrfiles.com/ugd/f3ecbe_5a5828f0457a48068838204fcb1b2836.pdf
- https://static.usrfiles.com/ugd/de02f3_c46d65b197b14b43beb74f2f37620f8a.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000e0de.binb7b9bd3b461d3cb17fd1d46199ac0600d1470bffcd665a88593125aeeb01bd71 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE0DE | 5400 bytes |
font_01_sfnt_off0000f31c.bin61d048dff07b9fefcc52878a6a38b67be4dc44b839ae8a502f620c2021b92438 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF31C | 13396 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.