Verdict: MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.com/pify?keyword=llp+balance+sheet+format+2019'. The document body, though heavily obfuscated, also contains this URL, suggesting it's the primary lure. The PDF also exhibits characteristics of a link farm, with numerous external links, many hosted on Shopify. The primary intent appears to be redirecting the user to malicious infrastructure.
Heuristics (3)
- PDF links to known malicious redirector infrastructure [critical, PDF_MALICIOUS_REDIRECTOR_LINK]: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted URLs:
- https://ttraff.com/pify?keyword=llp+balance+sheet+format+2019
- http://buwek.mariedyerstudios.com/uploads/1/3/1/4/131483036/biretimajo_rogemi.pdf
- http://files.prestonreservoirswimmingclub.com/uploads/1/3/1/8/131871894/3657272.pdf
- http://files.wwemd.com/uploads/1/3/0/9/130969012/gepukin_buporezuwizugaf_kamibiwowigax.pdf
- http://files.artsongsheetmusic.com/uploads/1/3/2/6/132681356/18b7897321.pdf
- https://cdn.shopify.com/s/files/1/0454/2916/2152/files/lagu_hargai_aku_armada_stafaband.pdf
- https://cdn.shopify.com/s/files/1/0432/1535/6067/files/44201017766.pdf
- https://cdn.shopify.com/s/files/1/0448/0732/3814/files/bethel_music_album_free.pdf
- https://cdn.shopify.com/s/files/1/0432/8685/5844/files/bijuvegij.pdf
- https://cdn.shopify.com/s/files/1/0434/2707/0104/files/neravu.pdf
- https://cdn.shopify.com/s/files/1/0437/1854/1480/files/kaplan_anatomy_coloring_book.pdf
- https://cdn.shopify.com/s/files/1/0443/5532/2012/files/camillo_sitte_livro.pdf
- https://cdn.shopify.com/s/files/1/0440/0673/6037/files/fujagol.pdf
- https://cdn.shopify.com/s/files/1/0440/4396/0485/files/digital_logic_gates_and_flip_flops.pdf
- https://cdn.shopify.com/s/files/1/0432/0428/0481/files/fifepejulerigogemeges.pdf
- https://cdn.shopify.com/s/files/1/0430/5335/1066/files/98390137402.pdf
- https://cdn.shopify.com/s/files/1/0432/5765/9547/files/93268437357.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/mufuma.pdf
- https://cdn.shopify.com/s/files/1/0429/3830/2627/files/nugopo.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://cdn.shopify.com/s/files/1/04
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000723a.bin | 4ecf1e2540a8b371f18e74d66c5a98d8a757a0b282513532e3dbac094c24b3c2 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x723A | 5820 bytes |
| font_01_sfnt_off000085d2.bin | b46a8d7481ee5b2753b5954dab4bbf33f64abb7c298dd08bd2fd062cfaaa3dac | pdf-font-stream | PDF embedded font (sfnt) at offset 0x85D2 | 10376 bytes |