MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains numerous embedded links, with a critical heuristic identifying a malicious redirector. The document body text and embedded links suggest a lure related to 'Bangla new natok 2019 mp4' to drive traffic to malicious sites. The primary malicious URL identified is https://ttraff.com/pify?keyword=bangla+new+natok+2019++mp4.
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL: https://ttraff.com/pify?keyword=bangla+new+natok+2019++mp4
Extracted artifacts (4)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off000060e1.bin | d83a648cbd12fe0cb6cac34f72a153cb2b6856820a8de06ddc938471936e7900 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x60E1 | 5640 bytes |
| font_01_sfnt_off00007426.bin | 904ae3b64b648b317ba080972da3e24f141f1cf5e7f3aaad96e4f486cc87935a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7426 | 12480 bytes |
| font_02_sfnt_off000099e3.bin | 07ecde503da4517b8f20e35e4c6cab051d84b79abe310f3c2ada97187e7d04e7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x99E3 | 1852 bytes |
| font_03_sfnt_off0000a2d5.bin | db2ce67de5e387d979c72a872656f5d70faa21afa365b74e419636ccc920284a | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA2D5 | 10320 bytes |