MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains numerous embedded links, with a critical heuristic firing indicating it acts as a malicious redirector. The primary link, 'https://ttraff.cc/pify?keyword=2005+jeep+liberty+repair+manual+pdf', is designed to lure users by appearing to offer a repair manual. This link redirects to malicious infrastructure, suggesting a phishing or malware distribution attempt. No scripts were extracted, but the PDF structure and link analysis strongly indicate a malicious intent.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=2005+jeep+liberty+repair+manual+pdf
- http://files.losalamitosunit716.org/uploads/1/3/2/6/132683135/pigaxuvamilesat.pdf
- http://files.easternsloperanch.com/uploads/1/3/2/6/132681404/3588728.pdf
- http://files.divinedonutsusa.com/uploads/1/3/1/8/131871745/tuviwavidul-nozezedufes-demesigir-lakojudupududa.pdf
- http://files.homestayadvisor.in/uploads/1/3/1/8/131858592/7076574.pdf
- http://files.megaworldglobal.com/uploads/1/3/1/4/131453294/sazimovu_vulezekoju_lebanufelezer_sikunus.pdf
- https://cdn.shopify.com/s/files/1/0430/6262/4405/files/56588154247.pdf
- https://cdn.shopify.com/s/files/1/0430/4823/9257/files/diduwurufawitosuzabow.pdf
- https://cdn.shopify.com/s/files/1/0433/7169/2188/files/whirlpool_super_capacity_465.pdf
- https://cdn.shopify.com/s/files/1/0431/0473/1300/files/317416200.pdf
- https://cdn.shopify.com/s/files/1/0437/0956/3034/files/minecraft_helicopter_mod.pdf
- https://cdn.shopify.com/s/files/1/0432/5058/1662/files/mevavojaxowefibuzugakipuf.pdf
- https://cdn.shopify.com/s/files/1/0431/8514/3969/files/65413685713.pdf
- https://cdn.shopify.com/s/files/1/0433/9938/1157/files/nalifikuverirotuvi.pdf
- https://cdn.shopify.com/s/files/1/0438/9801/1816/files/70998186361.pdf
- https://cdn.shopify.com/s/files/1/0437/6471/1575/files/gaussian_noise_python.pdf
- https://cdn.shopify.com/s/files/1/0431/6640/0663/files/16296460760.pdf
- https://cdn.shopify.com/s/files/1/0434/3411/5233/files/nexakevoweveva.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000065f5.bin22a33612b6648d6915c55f75b79ef85abff94f5d9412862f6a2a0934ad1e6a1f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x65F5 | 5632 bytes |
font_01_sfnt_off0000790d.bin63a3e3ad1083398a4c30dddd5661eba7461903b40e282c8f004b1821945e094c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x790D | 10264 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.