MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a significant number of embedded links, with a critical heuristic firing indicating a malicious redirector link. The primary malicious URL identified is https://ttraff.ru/wix?keyword=un+ya+existiendo+pista+de+crucigrama. The document body itself is heavily obfuscated and contains this URL, suggesting it's part of a lure to redirect users to malicious content.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.ru/wix?keyword=un+ya+existiendo+pista+de+crucigrama
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000051a3.bin 053be72db36172995cf4302bc2a329b0ecee2afa08d2d282338d75f42b57cb87 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x51A3 | 5524 bytes |
| font_01_sfnt_off00006460.bin d3f549743482b0c663eba341792ab8b453730a633cd543f4e8ee37817fff3552 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6460 | 11048 bytes |
| font_02_sfnt_off000088b1.bin 1f773c7a7450f03bde076cc55d70989549729bf7b3b780ce5eaadefca762edb6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x88B1 | 16164 bytes |