MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a large number of embedded links, many of which point to potentially malicious redirectors or link farms. The heuristic PDF_MALICIOUS_REDIRECTOR_LINK indicates that at least one URL is known to lead to malicious infrastructure. The PDF_SEO_LINK_FARM heuristic further suggests a deliberate attempt to create a large number of outbound links, likely for SEO manipulation or to distribute malicious content. No scripts were extracted from this sample.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wb?keyword=addition%20worksheets%20kindergarten%20free%20printables
- http://files.afmsupplements.com/uploads/1/3/2/3/132302815/972851.pdf
- http://files.canningcomputerrepairs.com.au/uploads/1/3/2/6/132681477/2886187.pdf
- http://files.marketmovesmatt.com/uploads/1/3/0/8/130874629/nuvigure-bufagejiv.pdf
- http://files.bi-radialmatrixintro.com/uploads/1/3/2/6/132682936/volewisitogeli_tukesenuxarudew.pdf
- http://files.authenticbathroomrenovators.com/uploads/1/3/1/4/131454126/jekokitupi_zerosudisusevom_refewudoxoro.pdf
- http://files.iaeast-ptia.com/uploads/1/3/2/6/132696015/3383489.pdf
- http://files.stlouisarchangels.com/uploads/1/3/0/7/130775867/3064516.pdf
- http://files.stlouiscivilwarball.com/uploads/1/3/2/6/132695780/punipa_vefukage.pdf
- http://files.stlouisarchangels.com/uplo
- https://fogedovuf.files.wordpress.com/2020/07/noxajuvitipubikowojijen.pdf
- https://pomedefasef.files.wordpress.com/2020/06/63835787268.pdf
- https://jizixonevaxa.files.wordpress.com/2020/07/lexefekapetenaj.pdf
- https://jarojadum.files.wordpress.com/2020/07/gubemataribazi.pdf
- https://takipeximon.files.wordpress.com/2020/07/zejew.pdf
- https://cdn.shopify.com/s/files/1/0431/3127/3365/files/givevudaxoxepuveboz.pdf
- https://cdn.shopify.com/s/files/1/0430/4663/3621/files/86079720417.pdf
- https://cdn.shopify.com/s/files/1/0433/4790/2629/files/kimasarozoguwetufagibu.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/jonamov.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/38659434623.pdf
- https://cdn.shopify.com/s/files/1/0429/7188/9817/files/15689507905.pdf
- https://cdn.shopify.com/s/files/1/0432/2590/7368/files/lovov.pdf
- https://cdn.shopify.com/s/files/1/0432/9363/8811/files/vuvegopixepe.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005e48.bincd1635c2385a3fabfe0a08fbe6a67581164ccf6d4c29e52b418c2d4beffa3fd8 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5E48 | 5376 bytes |
font_01_sfnt_off00007095.bind466e159ba3002fd47c62a650cdd878c4d44d65a1d0b6900ca893650050d3580 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7095 | 9728 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.