MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a heuristic firing for a malicious redirector link, specifically pointing to 'https://ttraff.cc/pify?keyword=kumpulan+lagu+batak+toba+lama'. This URL is likely used to redirect the user to a malicious site. The document also contains a large number of embedded links, many of which point to Shopify domains, suggesting a link farm or SEO poisoning attempt to increase visibility. The document body contains garbled text but also includes the malicious URL and several benign-looking PDF links.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=kumpulan+lagu+batak+toba+lama
- https://cdn.shopify.com/s/files/1/0432/8344/7968/files/watchersweb_club_house.pdf
- https://cdn.shopify.com/s/files/1/0430/7910/6724/files/get_happy_the_life_of_judy_garland.pdf
- https://cdn.shopify.com/s/files/1/0432/1673/2315/files/public_finance_management_act_zimbabwe.pdf
- https://cdn.shopify.com/s/files/1/0433/3505/7566/files/dictionary_pronunciation_guides.pdf
- https://static.usrfiles.com/ugd/5bb01c_b022bf7853864cdb87e7cc7aaf10349b.pdf
- https://static.usrfiles.com/ugd/ca300b_d56477734afd4b16ad87ee4ac35c72ef.pdf
- https://static.usrfiles.com/ugd/b8c837_c76d37e2515a4a21b7f32e3888465f3a.pdf
- https://static.usrfiles.com/ugd/d775a9_605d2f85c7b84ddaa4f956807e6117ca.pdf
- https://static.usrfiles.com/ugd/217d68_dd282f523c5e421a965cde8727822c24.pdf
- https://static.usrfiles.com/ugd/b8c837_422c888f9e82495c94ff9367b1149fcd.pdf
- https://static.usrfiles.com/ugd/374ce0_d87b1141a83d43f09cfa1d5be5a92839.pdf
- https://static.usrfiles.com/ugd/b8c837_bcf8ae4208574a229b816d0d778b054c.pdf
- https://static.usrfiles.com/ugd/b8c837_687432d7fb5a4018b283f64ed50952c2.pdf
- https://static.usrfiles.com/ugd/b8c837_e19b1b304b08440b8938ddfcc4b87809.pdf
- https://static.usrfiles.com/ugd/b8c837_5109253166b049b291c4531faa663632.pdf
- https://static.usrfiles.com/ugd/b65acf_a6cf8ffa4ced449493725eff9e2a2e2a.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005b5f.bin6941caddae1c725e750f282df1f306b01d9f97822f8f126d22455261159df84e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5B5F | 5036 bytes |
font_01_sfnt_off00006c6a.bina36eee06fef6ce219692c4ec918276ac99413e4fd1e3666e4031624f9289d620 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6C6A | 1800 bytes |
font_02_sfnt_off000074f7.bin0161ca9b4729fe1a4720ba25876fd30c6b181950e45d314cf131b390f7bf1fb3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x74F7 | 14960 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.