MALICIOUS
136
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.001 User Execution: Malicious Link
T1059.001 PowerShell
The PDF contains a malicious redirector link that leads to a URL associated with known malicious infrastructure. The document also exhibits characteristics of a link farm, with numerous external PDF links, and includes lures suggesting a download button and urgency. The primary malicious URL identified is https://ttraff.ru/pify?keyword=pedagogy+of+biological+science+b.+ed+notes+pdf, which is likely used to redirect users to a malicious site.
Heuristics 5
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Urgency / deadline lure low SE_URGENCY_LUREDocument contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=pedagogy+of+biological+science+b.+ed+notes+pdf
- http://files.tastefulgatherings.com/uploads/1/3/1/8/131856949/9847458.pdf
- http://files.theteethdr.com/uploads/1/3/0/7/130775970/4056856.pdf
- http://files.vaughanstx.com/uploads/1/3/1/3/131398479/bufoxe.pdf
- https://cdn.shopify.com/s/files/1/0429/7054/6329/files/saxon_math_7_6_download.pdf
- https://cdn.shopify.com/s/files/1/0449/9403/5880/files/adding_and_subtracting_algebraic_expressions.pdf
- https://cdn.shopify.com/s/files/1/0446/9719/0556/files/que_son_las_varices_esofagicas.pdf
- https://cdn.shopify.com/s/files/1/0431/7888/5280/files/29843440160.pdf
- https://cdn.shopify.com/s/files/1/0434/1648/6040/files/scert_kerala_textbooks_for_class_10.pdf
- https://cdn.shopify.com/s/files/1/0434/9670/2104/files/ropuzogirete.pdf
- https://cdn.shopify.com/s/files/1/0432/4923/8178/files/signs_and_symptoms_of_hepatitis_b.pdf
- https://cdn.shopify.com/s/files/1/0433/2313/0009/files/sonufi.pdf
- https://cdn.shopify.com/s/files/1/0427/7505/2454/files/79084032203.pdf
- https://cdn.shopify.com/s/files/1/0439/5096/4904/files/88334520268.pdf
- https://cdn.shopify.com/s/files/1/0431/4421/6727/files/sisen.pdf
- https://cdn.shopify.com/s/files/1/0435/9307/2808/files/dudufaxusi.pdf
- https://cdn.shopify.com/s/files/1/0438/6340/8795/files/dexolugiwolez.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000c725.bince80a1bed12b64cbe39e7b64d2378dc082c74ac283f605b73cd56e32451e3fd8 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC725 | 5500 bytes |
font_01_sfnt_off0000da04.bin0d51a47ba303a9fc1e4c17b73cc08084f4f6a9b16c2ee7b0e3bd247b2368633a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDA04 | 17060 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.