MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a heuristic firing for a malicious redirector link, specifically pointing to 'https://ttraff.ru/pify?keyword=interjections+worksheet+for+grade+4'. Additionally, it exhibits characteristics of a PDF link farm, embedding numerous external links, with the primary one being 'https://cdn.shopify.com/s/files/1/0432/0978/5512/files/bugez.pdf'. The document body, though partially corrupted, contains the visible lure text 'Interjections worksheet for grade 4' and the malicious URL, suggesting a social engineering tactic to direct users to potentially harmful content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=interjections+worksheet+for+grade+4
- http://givowo.suprimos.club/uploads/1/3/1/6/131607919/tesafobufepa.pdf
- http://files.hijoeselectronics.com/uploads/1/3/1/3/131383242/e270de.pdf
- https://cdn.shopify.com/s/files/1/0432/0978/5512/files/bugez.pdf
- https://cdn.shopify.com/s/files/1/0428/2934/9030/files/42837367816.pdf
- https://cdn.shopify.com/s/files/1/0432/6830/9152/files/pokemon_yellow_gameshark_codes.pdf
- https://cdn.shopify.com/s/files/1/0431/4398/7357/files/32352302098.pdf
- https://cdn.shopify.com/s/files/1/0431/8072/0294/files/movosizovibuf.pdf
- https://cdn.shopify.com/s/files/1/0440/5913/2054/files/lonely_planet_london.pdf
- https://cdn.shopify.com/s/files/1/0430/7278/2489/files/gluten_free_artisan_bread_in_five_minutes_a_day.pdf
- https://cdn.shopify.com/s/files/1/0432/1440/5793/files/gerubisejefopizimep.pdf
- https://cdn.shopify.com/s/files/1/0430/2051/7537/files/tricks_and_tips_to_solve_quantitative_aptitude.pdf
- https://cdn.shopify.com/s/files/1/0432/5795/4467/files/aws_certified_solutions_architect_professional_dumps_free.pdf
- https://cdn.shopify.com/s/files/1/0437/6936/4629/files/exercicio_de_botanica.pdf
- https://cdn.shopify.com/s/files/1/0432/5690/5885/files/kijebelajematidifudogixif.pdf
- https://cdn.shopify.com/s/files/1/0440/1371/5606/files/72632518491.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000063e3.bin5eb1c294451f50e4e42abd762e4d3104a77dd82a1de521048197bd2d62e4b151 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x63E3 | 5508 bytes |
font_01_sfnt_off000076b3.binda75a589b13911673549531ce4400792b0d6190d337f9ae4bd965cf8269c910a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x76B3 | 10244 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.