MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a mass of external links, many hosted on cdn.shopify.com, designed to appear as legitimate documents. One prominent link, however, directs to a known malicious redirector at 'ttraff.com'. This suggests a link farm or SEO poisoning tactic to drive traffic to malicious infrastructure. The document body, though heavily obfuscated, contains the URL 'https://ttraff.com/wix?keyword=smart+goals+template', reinforcing the malicious redirector intent.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=smart+goals+template
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/jokopewizemaw.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/12339474235.pdf
- https://cdn.shopify.com/s/files/1/0433/8640/5029/files/gikavez.pdf
- https://cdn.shopify.com/s/files/1/0428/6113/3990/files/marriott_explore_rate_authorization_form.pdf
- https://cdn.shopify.com/s/files/1/0432/0365/7887/files/5e_character_sheet_form_fillable.pdf
- https://cdn.shopify.com/s/files/1/0454/5331/2150/files/angina_de_pecho_estable_e_inestable.pdf
- https://cdn.shopify.com/s/files/1/0433/0536/9758/files/shell_shockers_scripts.pdf
- https://cdn.shopify.com/s/files/1/0428/9078/9020/files/52156972799.pdf
- https://cdn.shopify.com/s/files/1/0437/6081/2189/files/zinitokavuwagawawapor.pdf
- https://cdn.shopify.com/s/files/1/0431/3756/4838/files/aasld_hcc_guidelines_2017.pdf
- https://cdn.shopify.com/s/files/1/0437/4573/8903/files/nbi_clearance_application_form_online_registration.pdf
- https://cdn.shopify.com/s/files/1/0429/9181/2767/files/century_21_brand_guidelines_2020.pdf
- https://cdn.shopify.com/s/files/1/0439/5221/0088/files/algebra_nation_book_answer_key_section_3.pdf
- https://cdn.shopify.com/s/files/1/0434/0583/6444/files/reeds_vol_4_naval_architecture_free_download.pdf
- https://static.usrfiles.com/ugd/b8c837_264070d4c1084d1aa4fd2c8dec6a0501.pdf
- https://static.usrfiles.com/ugd/b8c837_498797f69b75420b9030a21ffcf375ea.pdf
- https://static.usrfiles.com/ugd/b8c837_baa8a104365144aca3b6f00fa7886710.pdf
- https://static.usrfiles.com/ugd/b8c837_793bd837f57a4e568b8f60ccac92e39e.pdf
- https://static.usrfiles.com/ugd/b8c837_685f752c2e35491fab12d5c193624096.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000863a.binc7bf99ccbdbb86a53321b58c307716ef47ff7b751df881fda2e8eb71d0d67b5c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x863A | 5240 bytes |
font_01_sfnt_off000097f1.bin37419206cfd344bbe370ccc7eafc8fdf960312dc429d03bbe8c2f59da642fd3e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x97F1 | 10164 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.