MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, a technique often used to create link farms for SEO manipulation or to distribute malicious content. One of the primary URLs, 'https://ttraff.me/wix?keyword=golden+retriever+lab+mix+puppies+oregon', is flagged as a known malicious redirector. This suggests the document's purpose is to lure users to malicious sites.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://ttraff.me/wix?keyword=golden+retriever+lab+mix+puppies+oregon
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005e70.bin 0255be0d949c48801e192736bfaa26cd0e009d177be2a05ccdb24fd9b5b274d2 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5E70 | 5576 bytes |
| font_01_sfnt_off00007154.bin 6739122654f521cb76ed54492485c0467468ad010be112a7776b8b6afc15daa1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7154 | 10052 bytes |