MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains numerous embedded links, with one specifically pointing to a known malicious redirector. The document body, though heavily obfuscated, contains text related to 'airsoft guns' and the malicious URL, suggesting a lure to a phishing or malware distribution site. The presence of a link farm heuristic further indicates malicious intent to distribute links.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=are+double+eagle+airsoft+guns+good
- https://11b675a5-b858-40e9-af4a-917705f9e6b3.filesusr.com/ugd/ab059d_48564cb8da8340838a940f6b419a80d1.pdf?index=true
- https://d803cef1-a5be-4acd-a64b-c856287cdeb7.filesusr.com/ugd/1e52da_52d23b964c0d4e99acd1d185823a2c11.pdf?index=true
- https://288d00bf-aa4f-4753-b1ee-252fd7eb932f.filesusr.com/ugd/eb4c03_b4b6493a0cb841f78f5cd46a47414c1f.pdf?index=true
- https://b099d5af-70cc-482b-b7c0-3bd9ec6d1815.filesusr.com/ugd/9ea91e_754df40f1eac4766bce887751b6a8141.pdf?index=true
- https://b123ca26-3c73-42eb-ad72-91a8a8ad62bc.filesusr.com/ugd/0aab01_bb2c67582b2143a58634f59810309b28.pdf?index=true
- https://cdn.shopify.com/s/files/1/0429/9587/5989/files/altar_of_siena_b1f_guide.pdf
- https://cdn.shopify.com/s/files/1/0465/5330/1150/files/zojepagidoxojexodofi.pdf
- https://cdn.shopify.com/s/files/1/0432/6404/9318/files/the_biggest_snowman_ever_book.pdf
- https://1d4da435-7628-4159-a0f2-4f431ecb28dc.filesusr.com/ugd/a6e5e9_effd4178ffcf4e05aac3916658eab821.pdf?index=true
- https://75cd4e27-670d-4b6d-a3ff-47587e516c25.filesusr.com/ugd/314c35_fca790607d8e484185c77164469ddf49.pdf?index=true
- https://73ae9a4d-3a7e-4c9f-9a26-0902c9594636.filesusr.com/ugd/d162e3_a8d432b3594e4dc2b17d4d21dd330e75.pdf?index=true
- https://cdn.shopify.com/s/files/1/0434/7301/0850/files/kahoot_bot_spam_and_answer_hack.pdf
- https://cdn.shopify.com/s/files/1/0434/7016/0032/files/21_day_bone_broth_diet_plan.pdf
- https://cdn.shopify.com/s/files/1/0431/0843/4081/files/free_calendar_template_2019-_20.pdf
- https://cdn.shopify.com/s/files/1/0437/6556/3549/files/37128291695.pdf
- https://cdn.shopify.com/s/files/1/0438/0003/5485/files/biloxizekaneguwilixa.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00004dd3.bin21d0eab422a3f1d9dddf8e685449d842b91c5d449b6ba19ca9d4a4c3b2941ab2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x4DD3 | 5204 bytes |
font_01_sfnt_off00005f93.bin05f146d776e8f5ba24718b6b738f4927700ad73e260eb3e5031da76dad2c152a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5F93 | 10044 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.