MALICIOUS
Risk Score: 140
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 User Execution: Malicious Link
The PDF file contains a link to a known malicious redirector, disguised as a repair manual. It also includes a large number of external links, many pointing to benign Shopify URLs, suggesting a link farm or SEO manipulation tactic. The presence of a callback lure further supports a phishing or scam intent, aiming to trick the user into interacting with the malicious link.
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Callback phishing phone lure (medium, SE_CALLBACK_LURE): Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context, consistent with callback phishing or tech-support scam patterns.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.link/wix?keyword=bushnell+rangefinder+repair+manual
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000612d.bin d713ce8cbf0b9676e8ff0a84d97d5f7d0effc7ecb19f170d039854d78601869c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x612D | 5504 bytes |
| font_01_sfnt_off000073bf.bin ef6eb64525bb87546aab5b89ccb37230d60c249eb1d76f9b78de4da434c25b8a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x73BF | 10408 bytes |