MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains multiple embedded links, with one specifically pointing to a known malicious redirector. The document body, though heavily obfuscated, contains a URL that matches the redirector. This indicates a likely attempt to direct users to malicious content, possibly for phishing or malware delivery. The presence of a large number of external links, many hosted on Shopify, suggests a link farm or SEO poisoning tactic to increase visibility.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=anime+live+wallpaper+apk+mod
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/gamawogedeveredu.pdf
- https://cdn.shopify.com/s/files/1/0462/7746/0128/files/born_to_die_album_mega.pdf
- https://cdn.shopify.com/s/files/1/0432/9078/8000/files/joluxesafufolufada.pdf
- https://cdn.shopify.com/s/files/1/0429/1778/9863/files/vojesiguzewitinenepu.pdf
- https://cdn.shopify.com/s/files/1/0434/5449/6935/files/pdf_converter_to_word_file_free.pdf
- https://cdn.shopify.com/s/files/1/0432/1322/6143/files/60557392578.pdf
- https://cdn.shopify.com/s/files/1/0429/0235/6127/files/university_calculus_early_transcendentals_2nd_edition.pdf
- https://cdn.shopify.com/s/files/1/0435/6741/5457/files/green_supply_chain_management_definition.pdf
- https://static.usrfiles.com/ugd/0779a3_c618eb72877148d19377998bfb6f9f96.pdf
- https://static.usrfiles.com/ugd/b8c837_c2385d517cd24c5f8a47f9ca32f2eb64.pdf
- https://static.usrfiles.com/ugd/fd3290_d553ca90bbde48459562d1bd346b7604.pdf
- https://static.usrfiles.com/ugd/b8c837_24eca2a73b324c8b913d0c713845b476.pdf
- https://static.usrfiles.com/ugd/bae363_de5ce1bbacdd4e049b63b5dd58ba3288.pdf
- https://static.usrfiles.com/ugd/b8c837_e28afd06c8264c08865d04d662f7ae40.pdf
- https://static.usrfiles.com/ugd/45e30f_72555e27a24040098c4a8fbc0ca6e28e.pdf
- https://static.usrfiles.com/ugd/4b7290_2c41c3dce3994115b748986fb6bb5413.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005641.bine2af4e1275d29963403ab71983cbef3e609540598a88d12ef266d8a699319115 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5641 | 5132 bytes |
font_01_sfnt_off000067a9.binc9c850e9c351ce199d5e9d1c42a783cd39d33267a74ccb43d8a2fed304f07254 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x67A9 | 1796 bytes |
font_02_sfnt_off00007034.binccaa77fc3a47ab86290c92d5cb0232c419cf39f7c203e0983366ffd236b43378 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7034 | 10392 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.