MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, with one specifically identified as a malicious redirector. The heuristic 'PDF_SEO_LINK_FARM' indicates a mass of external PDF links, suggesting an attempt to create a link farm or distribute malicious content through numerous seemingly benign URLs. The primary malicious URL identified is https://ttraff.cc/pify?keyword=adp+check+stubs, which likely serves as a gateway to further malicious activity.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=adp+check+stubs
- http://files.monroecountykychamber.com/uploads/1/3/1/0/131071295/ponerewesesaw.pdf
- http://files.perockss.com/uploads/1/3/1/6/131606687/kagelajixe.pdf
- http://files.anpslibrary.com/uploads/1/3/2/7/132740214/naxidamewosowuvogu.pdf
- http://files.blowingoakfarm.com/uploads/1/3/1/6/131606289/mesisodepogozep-gotipulabi.pdf
- https://cdn.shopify.com/s/files/1/0437/5219/4202/files/givokavebirifi.pdf
- https://cdn.shopify.com/s/files/1/0427/9504/0924/files/25945565842.pdf
- https://cdn.shopify.com/s/files/1/0429/1667/5740/files/netewunuwidewiwunuvig.pdf
- https://cdn.shopify.com/s/files/1/0428/9029/7507/files/35502587491.pdf
- https://cdn.shopify.com/s/files/1/0433/5278/5055/files/zagolatatevoxomug.pdf
- https://cdn.shopify.com/s/files/1/0434/1560/1314/files/59647791001.pdf
- https://cdn.shopify.com/s/files/1/0428/0261/0335/files/vogixulenax.pdf
- https://cdn.shopify.com/s/files/1/0433/4557/6088/files/zobalujewaxij.pdf
- https://cdn.shopify.com/s/files/1/0428/8951/1071/files/pimifikotelekotijeg.pdf
- https://cdn.shopify.com/s/files/1/0428/2325/4179/files/sujofotorobuputefese.pdf
- https://cdn.shopify.com/s/files/1/0432/5041/7827/files/4254063164.pdf
- https://cdn.shopify.com/s/files/1/0433/1791/9909/files/tiberefizegenitokevinu.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/57790570823.pdf
- https://cdn.shopify.com/s/files/1/0434/1386/4602/files/kim_heldman_pmp_7th_edition.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000589b.bine69c7c3172bd4bfdccc9719b4307a287710a1476a81c08700819eae8f445e6d7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x589B | 5016 bytes |
font_01_sfnt_off000069a7.bin1ce5a771096465bd699dd5d5469869ffab3d4bc9954c99dc71de36df20ec74ee |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x69A7 | 10576 bytes |
font_02_sfnt_off00008d94.binf4cfc27537a13e9f54ad8801d8be76c5bd079f2bc5e94e029bb931620d0a3cc4 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8D94 | 17024 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.