MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a link to a known malicious redirector, ttraff.com, which is disguised as patient information for inflammatory bowel disease. This indicates a phishing attempt to redirect users to malicious infrastructure. The file also contains a large number of embedded links, suggesting a link farm or SEO poisoning tactic to increase visibility.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=inflammatory+bowel+disease+patient+information
- https://cdn.shopify.com/s/files/1/0431/8609/4248/files/kamijosadakafuru.pdf
- https://cdn.shopify.com/s/files/1/0432/1797/7504/files/winter_hiking_gear_guide.pdf
- https://cdn.shopify.com/s/files/1/0435/0210/8836/files/bed_cet_hall_ticket_2018.pdf
- https://cdn.shopify.com/s/files/1/0440/3894/6981/files/41802013915.pdf
- https://cdn.shopify.com/s/files/1/0464/9756/2776/files/amu_controller_admit_card.pdf
- https://static.usrfiles.com/ugd/b8c837_1b115f2842dc46fd86c817f23cd85627.pdf
- https://static.usrfiles.com/ugd/0bcf16_de8a27480d314ad8a96cc3ff88281081.pdf
- https://static.usrfiles.com/ugd/8a419d_68799a89ada643b79c36f47afbabdd01.pdf
- https://static.usrfiles.com/ugd/7041e4_8e6f97e81ad349cb85eb4b32764f44da.pdf
- https://static.usrfiles.com/ugd/d9d1f5_aeeee936379344ecbf336c4b93be5d6f.pdf
- https://static.usrfiles.com/ugd/ae15ca_2167a917e6604194a0ba44f13203e8c6.pdf
- https://static.usrfiles.com/ugd/6f7357_2814807f8f784e4786ce4bc799932a90.pdf
- https://static.usrfiles.com/ugd/5be868_41ca54b11df841ce8740995f20a7a9fe.pdf
- https://static.usrfiles.com/ugd/33a16d_f42c68d8bd56492c9beb9fa524473229.pdf
- https://static.usrfiles.com/ugd/430cb2_86fc86b008b3451daeabc3f0fc7606dd.pdf
- https://cdn.shopify.com/s/files/1/0428/0995/0367/files/nowevisakitisezanizasuvom.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/wajafaliwufenosikem.pdf
- https://cdn.shopify.com/s/files/1/0431/7783/6703/files/tasorujisonovorovon.pdf
- https://cdn.shopify.com/s/files/1/0428/3082/3583/files/dusixotegazuwatujama.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00009b4a.bin586a66ebea55896d786ccbd019c6135a728c09de980868bc48b32870348c7ef2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9B4A | 5244 bytes |
font_01_sfnt_off0000ad0c.binabfee20daf7a3ae3f2c7cec6b1c00d93e76c5d593c9a2c123416de463a94caa8 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xAD0C | 10492 bytes |
font_02_sfnt_off0000d0e1.binb50a2106bf82917db0cd3cf88f63c5e8cc3298b343ace5cffc591b35df33d24c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD0E1 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.