MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a lure related to employment and invoices, directing users to external links. One critical heuristic identified a malicious redirector link, while another noted a large number of PDF links, many hosted on Shopify. The embedded URL 'https://ttraff.cc/wb?keyword=employment%20act%202018%20pdf' is the primary indicator of malicious intent, likely leading to a phishing or malware download site.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Fake invoice / payment lure low SE_INVOICE_LUREDocument contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wb?keyword=employment%20act%202018%20pdf
- http://files.lynnobrienmusic.com/uploads/1/3/0/7/130776343/gawudotujusunot.pdf
- http://files.myschoolchoicestory.org/uploads/1/3/1/3/131383657/jivetujusanisu.pdf
- http://files.urbancultureinstitute.org/uploads/1/3/1/4/131437147/zexadupedi-vezefeb.pdf
- http://files.pleasantgreenmethodist.org/uploads/1/3/1/1/131163669/9ed7ef.pdf
- http://files.cfandtg.com/uploads/1/3/1/3/131379205/zexujogubalu-fozakisusawedef-zibetonafanufi.pdf
- https://cdn.shopify.com/s/files/1/0428/2286/0966/files/tiberebawokekomexu.pdf
- https://cdn.shopify.com/s/files/1/0434/1645/3272/files/36243184694.pdf
- https://cdn.shopify.com/s/files/1/0430/7812/3680/files/pazuwupazozikudapixelix.pdf
- https://cdn.shopify.com/s/files/1/0428/5107/4214/files/labelezofixivemik.pdf
- https://cdn.shopify.com/s/files/1/0433/9728/3992/files/90582143946.pdf
- https://cdn.shopify.com/s/files/1/0429/2742/3654/files/foviwati.pdf
- https://cdn.shopify.com/s/files/1/0428/8249/8716/files/zekeve.pdf
- https://cdn.shopify.com/s/files/1/0434/7225/7181/files/67780887884.pdf
- https://cdn.shopify.com/s/files/1/0427/7246/3772/files/xidowekebazudojeredorebe.pdf
- https://cdn.shopify.com/s/files/1/0438/7468/0987/files/cancer_de_mama_prevencion.pdf
- https://cdn.shopify.com/s/files/1/0433/1841/1417/files/nuxijupuxogujagurefu.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000072c9.bin43265f83a211942ca8be31d113ae22524e22dc221eea68b77e6f9e8f0da7ff45 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x72C9 | 5608 bytes |
font_01_sfnt_off000085e1.bind3f6ac7061d1819a402e1e3864cf61b879a520feaa535041f64ca02c22ac2193 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x85E1 | 10192 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.