MALICIOUS
130
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to ttraff.cc. Additionally, it exhibits characteristics of a PDF link farm, with numerous embedded URLs, many hosted on Shopify. The presence of a 'download button' lure and the embedded malicious URL suggest a phishing or redirection attack aimed at delivering further malware or leading users to malicious content.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=bundesliga+live+radio+app+android
- http://files.brmandel.com/uploads/1/3/1/4/131407823/4141153.pdf
- https://cdn.shopify.com/s/files/1/0431/4395/4594/files/918939586.pdf
- https://cdn.shopify.com/s/files/1/0431/9641/6157/files/biology_lab_manual.pdf
- https://cdn.shopify.com/s/files/1/0433/7985/1414/files/pokanobiwobumarozexiwus.pdf
- https://cdn.shopify.com/s/files/1/0431/2337/6277/files/35173948952.pdf
- https://cdn.shopify.com/s/files/1/0430/4519/1841/files/jidufukisumorakiwunajoni.pdf
- https://cdn.shopify.com/s/files/1/0433/2748/8168/files/53861403034.pdf
- https://cdn.shopify.com/s/files/1/0431/6869/4432/files/linkers_of_addition_and_contrast.pdf
- https://cdn.shopify.com/s/files/1/0440/7679/4021/files/35998811376.pdf
- https://cdn.shopify.com/s/files/1/0427/7505/2454/files/latusafodamivejopi.pdf
- https://cdn.shopify.com/s/files/1/0439/9307/1774/files/70977859051.pdf
- https://cdn.shopify.com/s/files/1/0430/3893/3146/files/52371176537.pdf
- https://cdn.shopify.com/s/files/1/0430/6645/8265/files/juxifewajudod.pdf
- https://cdn.shopify.com/s/files/1/0435/4313/4362/files/animal_cell_organelles_and_their_functions.pdf
- https://cdn.shopify.com/s/files/1/0428/9013/3663/files/cookie_clicker_open_sesame.pdf
- https://cdn.shopify.com/s/files/1/0432/4687/8882/files/sepal.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006223.bin8b56b7942428dbd3e98e001513c80b40e3588b66f464d283153eca76f1537d11 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6223 | 5236 bytes |
font_01_sfnt_off000073fc.bin07acad79e72342d410b169a3987608c59c5daac1d0b20bf8ead3d112a53a3bfd |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x73FC | 9976 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.