MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.ru/wix?keyword=cinema+apk+not+loading'. The document body, though heavily obfuscated, contains this URL, suggesting a lure related to 'cinema apk not loading'. The file also exhibits characteristics of a link farm, with numerous embedded URLs, many pointing to benign Shopify domains but likely serving as a distraction or part of a broader SEO poisoning strategy. No scripts were extracted from this sample.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/wix?keyword=cinema+apk+not+loading
- https://cdn.shopify.com/s/files/1/0428/2833/3219/files/99248628268.pdf
- https://cdn.shopify.com/s/files/1/0430/0803/2922/files/81350457072.pdf
- https://cdn.shopify.com/s/files/1/0430/3942/4663/files/23081390193.pdf
- https://cdn.shopify.com/s/files/1/0430/3912/9751/files/cherries_dietary_information.pdf
- https://static.usrfiles.com/ugd/83e24f_f73a8e1d98b04e95b09a9be5a6593015.pdf
- https://static.usrfiles.com/ugd/ec0c41_dc5acd9d7b28454fb1b2fd4a7f16cde6.pdf
- https://static.usrfiles.com/ugd/b8c837_0c74718e4fbe434ea351fb67400623f9.pdf
- https://static.usrfiles.com/ugd/b8c837_644cac6e97d74320b30df440a161a425.pdf
- https://static.usrfiles.com/ugd/9904c2_04ba9cc70a214e1b9a550aa25c2c20a3.pdf
- https://static.usrfiles.com/ugd/b8c837_3e2cb3b5b63e4742ab0fab769c7a8d8c.pdf
- https://static.usrfiles.com/ugd/735189_c4eb8ef7ce6443bd965ddeb983eeece8.pdf
- https://static.usrfiles.com/ugd/63d3ad_9e9f53eefeef4e3d9ce33682ced74d0c.pdf
- https://static.usrfiles.com/ugd/b8c837_7366e8f288254cdc89682d91f35a805a.pdf
- https://static.usrfiles.com/ugd/0286dd_240530287010457a8a17e9cf1329a686.pdf
- https://cdn.shopify.com/s/files/1/0431/8448/8607/files/barron_s_new_sat.pdf
- https://cdn.shopify.com/s/files/1/0431/1767/4656/files/norme_iso_14001_afnor.pdf
- https://cdn.shopify.com/s/files/1/0430/4571/6129/files/kifalepapunoxa.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/99289858455.pdf
- https://cdn.shopify.com/s/files/1/0434/5957/5958/files/45984909199.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://static.usrfiles.com/ugd/b8c837_3
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007003.binb0fc16d4dd29455fdb5f4a8fc3488a0e49f216ccc72dc1611e3818932e1ed4ad |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7003 | 4976 bytes |
font_01_sfnt_off000080db.bincfaa781503093f475d37d54cd198ac67ea5a616b70fcf02b2f6f620971953222 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x80DB | 10660 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.