MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was identified as malicious due to the presence of numerous embedded links. One critical heuristic firing indicates a PDF link to known malicious redirector infrastructure at 'ttraff.com'. Another critical heuristic flags the document as a PDF SEO link farm, containing mass external PDF links, with 'cdn.shopify.com' being the first identified URL. The document body contains garbled text but includes the URL 'https://ttraff.com/wix?keyword=english+test+pdf+pre+intermediate', suggesting a lure or redirection mechanism.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=english+test+pdf+pre+intermediate
- https://cdn.shopify.com/s/files/1/0430/7307/7409/files/pibik.pdf
- https://cdn.shopify.com/s/files/1/0432/0110/1984/files/41682254700.pdf
- https://cdn.shopify.com/s/files/1/0432/2738/1924/files/31387206967.pdf
- https://static.usrfiles.com/ugd/b8c837_46e135fdbf8d4fa8bee14fc6ceb14922.pdf
- https://static.usrfiles.com/ugd/b8c837_e65fe7ff39b04b4da0d4679c03c9db8c.pdf
- https://static.usrfiles.com/ugd/b8c837_794924bd2501441fa6219088ae1e30bc.pdf
- https://static.usrfiles.com/ugd/a91264_96c4ce3b237446fc82a75b2b88cf4b09.pdf
- https://static.usrfiles.com/ugd/fedf23_ec426587029e4c2397312baa5b3ea84e.pdf
- https://static.usrfiles.com/ugd/e4bc37_65b49601cf8449cfa580ba17267d6c8c.pdf
- https://static.usrfiles.com/ugd/b8c837_6bb7376ddafa4b858ccae59bcf8f2591.pdf
- https://static.usrfiles.com/ugd/b8c837_779b68eb25c74137b70b912d9a4bf8a8.pdf
- https://static.usrfiles.com/ugd/b8c837_ffcab909836f4f569240b4f477341320.pdf
- https://static.usrfiles.com/ugd/2c608b_e7e9d31cb6b2429d91f36c197bd97b33.pdf
- https://static.usrfiles.com/ugd/d99ef3_03633ee52e46411e85d75e5ef86d9b41.pdf
- https://static.usrfiles.com/ugd/f0e51d_4271d931726f4227bdb2bce80fe3a653.pdf
- https://static.usrfiles.com/ugd/e2f197_1dccaefa9c1e4945a9c08dbb9910cafd.pdf
- https://static.usrfiles.com/ugd/cc15ef_b2c042a59166489c884b2998b1f6ebc1.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000058f2.bin618b5f62cfd0b557ccaef0045956654d4ecd78e1d37922b052408017178fa2d4 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x58F2 | 5412 bytes |
font_01_sfnt_off00006b2f.bin0bf3fd77c06709de4874e2f1a84e9eaa550ca9a214f81b713a97407bc4e961f4 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6B2F | 10180 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.