MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a heuristic firing for a malicious redirector link, pointing to 'https://ttraff.com/wix?keyword=dnd+3.+5+books+download'. This URL is presented within the document body, disguised as a link to download Dungeons & Dragons books, indicating a social engineering lure. The PDF also contains a large number of external links, characteristic of a link farm, further supporting the malicious intent.
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URLs:
- https://ttraff.com/wix?keyword=dnd+3.+5+books+download
- https://cdn.shopify.com/s/files/1/0433/2303/1720/files/hot_springs_spa_serial_number_lookup.pdf
- https://cdn.shopify.com/s/files/1/0437/4829/4807/files/intermittent_fasting_diet_plan.pdf
- https://cdn.shopify.com/s/files/1/0462/9118/9920/files/journal_of_renal_nutrition_author_guidelines.pdf
- https://cdn.shopify.com/s/files/1/0432/5313/7563/files/authenticator_chrome_for_android.pdf
- https://cdn.shopify.com/s/files/1/0469/0273/9104/files/dutta_textbook_de_de_ginecologa.pdf
- https://static.usrfiles.com/ugd/f63f29_ac11b596e33d49fdbd0a3f20acff71b5.pdf
- https://static.usrfiles.com/ugd/6908d7_7d3086b5ff6445acbb96a94119f303f2.pdf
- https://static.usrfiles.com/ugd/b8c837_ce9fe9742dad456c8961b1dc3fe4173d.pdf
- https://static.usrfiles.com/ugd/0d2908_f4d35adccf0347f29f19c356402b7ec2.pdf
- https://static.usrfiles.com/ugd/c1108c_c9acf1d74333457f9d49b43922fbed5b.pdf
- https://cdn.shopify.com/s/files/1/0433/8325/9301/files/52664233036.pdf
- https://cdn.shopify.com/s/files/1/0433/7745/9365/files/50164787774.pdf
- https://static.usrfiles.com/ugd/eb5a6a_553c3589f1f642b598b7979d326d7d3c.pdf
- https://static.usrfiles.com/ugd/576447_cf37947578114c208acde0d2947d8a1f.pdf
- https://static.usrfiles.com/ugd/b8c837_b163dd7a12994e479ffc31d4ffef78a0.pdf
- https://static.usrfiles.com/ugd/fedf23_3ea210f285af4cc48c05d535e6a40896.pdf
- https://static.usrfiles.com/ugd/b8c837_2fc892b3cb714e0c94ce61acef817458.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://cdn.shopify.com/
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00007791.bin | 52bdbe54b1cfb7218ec4663f8590980060ac6982542122b093049762ec79bd39 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7791 | 5340 bytes |
| font_01_sfnt_off000089e4.bin | 56405aefdb11de1c19deb26c78ad38a0b664af6fc3f0b7eb77663b36349e19ac | pdf-font-stream | PDF embedded font (sfnt) at offset 0x89E4 | 10324 bytes |