MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was flagged for containing a malicious redirector link and a large number of external PDF links, indicating a link farm or SEO poisoning attempt. The primary malicious URL identified is https://ttraff.ru/pify?keyword=skin+lesion+excision+guidelines. While no scripts were extracted, the sheer volume of links and the presence of a known malicious redirector suggest an attempt to lure users to malicious sites or to manipulate search engine results.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=skin+lesion+excision+guidelines
- http://files.livelively.co.nz/uploads/1/3/0/8/130815014/nifipibine.pdf
- http://bopoju.passitkit.com/uploads/1/3/0/7/130775195/gewibuvokojet-jipuxinojeju.pdf
- http://xakotidap.westcricketfestivals.com/uploads/1/3/1/6/131606758/b48a56afdbdc.pdf
- https://cdn.shopify.com/s/files/1/0435/3795/7023/files/garixupozikax.pdf
- https://cdn.shopify.com/s/files/1/0427/4647/8759/files/34256895345.pdf
- https://cdn.shopify.com/s/files/1/0441/2165/3400/files/nulelujagugasawa.pdf
- https://cdn.shopify.com/s/files/1/0429/8119/5927/files/makalah_penyakit_anorexia.pdf
- https://cdn.shopify.com/s/files/1/0431/0145/4496/files/electronically_sign_acrobat_pro.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/sivuduveserekolagaxabulux.pdf
- https://cdn.shopify.com/s/files/1/0438/9791/3512/files/peziwupunafobuvazopimoput.pdf
- https://cdn.shopify.com/s/files/1/0431/7885/2503/files/2002_polaris_sportsman_400.pdf
- https://cdn.shopify.com/s/files/1/0431/3271/5163/files/sample_antenuptial_contract_with_accrual.pdf
- https://cdn.shopify.com/s/files/1/0438/2038/4416/files/nate_dogg_net_worth.pdf
- https://cdn.shopify.com/s/files/1/0434/7399/3890/files/56756441254.pdf
- https://cdn.shopify.com/s/files/1/0431/5391/6060/files/19096243814.pdf
- https://cdn.shopify.com/s/files/1/0428/6336/2204/files/sample_demand_letter_for_unpaid_rent.pdf
- https://cdn.shopify.com/s/files/1/0433/6241/8846/files/xinerumowonatesaragexife.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006345.bin6ae6cea4977153df5ba664e7ce7cd4dee9f54c68af1290182b383cc96cea8735 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6345 | 5036 bytes |
font_01_sfnt_off00007477.bin3fe58cd8551ae20ff34ad38f8ebc59ec9ee10409724c2364f8424c0ef1c5ab02 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7477 | 10536 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.