MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1204.002 Malicious Link
T1566.002 Spearphishing Attachment
The PDF contains a prominent link that is labeled as a download button, enticing the user to click it. This link redirects to a malicious URL, indicating a phishing or malware distribution attempt. The PDF also functions as a link farm, with many embedded links pointing to Shopify domains, likely for SEO manipulation to improve search engine ranking for the malicious content.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=easy+driver+pack+win+10+64bit
- https://cdn.shopify.com/s/files/1/0435/1728/0408/files/29327558367.pdf
- https://cdn.shopify.com/s/files/1/0432/0490/3073/files/wibiwifizugogotarupuboj.pdf
- https://cdn.shopify.com/s/files/1/0431/7075/8820/files/83135159012.pdf
- https://cdn.shopify.com/s/files/1/0435/9002/5375/files/pozatugokox.pdf
- https://cdn.shopify.com/s/files/1/0430/5082/7929/files/nakilunone.pdf
- https://cdn.shopify.com/s/files/1/0431/7193/8461/files/89986307740.pdf
- https://cdn.shopify.com/s/files/1/0431/2530/9601/files/negedekeb.pdf
- https://cdn.shopify.com/s/files/1/0462/3617/2437/files/charter_club_sheets_on_sale.pdf
- https://cdn.shopify.com/s/files/1/0433/6448/3240/files/66167830643.pdf
- https://cdn.shopify.com/s/files/1/0431/1344/7577/files/git_bash_profile.pdf
- https://cdn.shopify.com/s/files/1/0432/3000/3358/files/autonics_counter_timer.pdf
- https://static.usrfiles.com/ugd/b8c837_762b6dbac868490a9eb1d82683b1ecc1.pdf
- https://static.usrfiles.com/ugd/3aee12_53aa97b3e7af4445a7131c351c3410c1.pdf
- https://static.usrfiles.com/ugd/b8c837_f5333afdbc4d48c2979e4d8585a24a4f.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_006_off0000b599.bin95da3fb6372bb7eeecc0970004e2dad9501935f5e58d3c6d7b0a6cc61e5b2f5b |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xB599 | 27464 bytes |
font_00_sfnt_off00007ebb.bin3541b712262b6d2fb4d9dea669e67138488774784baaf9c0c0edcca50e1fe1db |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7EBB | 5564 bytes |
font_01_sfnt_off000091d7.bin0966f5949af7c70091c74e1a10ffae40c4906df7a641ea804ef87f27d5d8d986 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x91D7 | 10508 bytes |
font_03_sfnt_off0000e762.bin1158d95dac44631f497756703988ba3645251422e7ff0015d3fca430225e7c3e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE762 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.