Verdict: MALICIOUS (Risk Score: 120)
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, many of which point to external PDF files hosted on Shopify and static.usrfiles.com. One of these links, 'https://ttraff.link/wix?keyword=tactical+application+of+practical+sh', is identified as a malicious redirector. This suggests a phishing or spam campaign aiming to direct users to malicious content through a link farm. The document body contains garbled text and the authoring application is wkhtmltopdf, indicating it was likely generated programmatically.
Heuristics 3
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.link/wix?keyword=tactical+application+of+practical+sh
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000692a.bin (6dfbe95d0ac0fdc82164eed56a3a6bab61a6eea53a7cb72cda5da4301efca5ba) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x692A | 5052 bytes |
| font_01_sfnt_off00007a47.bin (08743bfea4d7fa9651c5896676bea1de7f71e6dcd23c1c3b9b6837d5c328f2ae) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7A47 | 10444 bytes |
| font_02_sfnt_off00009e2f.bin (7e0863d6dcdfe3ce59f67395a06e5e8634226e44f713773c85e494ff6d119ee1) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9E2F | 16344 bytes |