MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a link that redirects to a malicious URL, identified by the PDF_MALICIOUS_REDIRECTOR_LINK heuristic. The document body, though heavily obfuscated, suggests a lure for downloading a PDF, aligning with the PDF_SEO_LINK_FARM heuristic which indicates a link farm designed to attract search engine traffic. The SE_DOWNLOAD_BUTTON heuristic further supports the lure tactic.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=english+speaking+in+marathi+pdf+download
- http://files.it-starts-here.com/uploads/1/3/1/4/131453194/pokolobi-bolixivadebil-pobotesizaxi-sotazivopi.pdf
- http://files.rockymountainadventureseries.com/uploads/1/3/1/4/131437615/9632802.pdf
- http://files.yfcwolves.com/uploads/1/3/2/6/132683267/rokede-rijotetosika.pdf
- http://files.ruthbeachink.com/uploads/1/3/1/6/131606492/selaxa-kesur-naligevi-mojewogufid.pdf
- https://cdn.shopify.com/s/files/1/0435/8039/1583/files/zerukasewo.pdf
- https://cdn.shopify.com/s/files/1/0430/6993/1671/files/70081472555.pdf
- https://cdn.shopify.com/s/files/1/0429/7038/2490/files/59363119809.pdf
- https://cdn.shopify.com/s/files/1/0440/8039/8486/files/goburuw.pdf
- https://cdn.shopify.com/s/files/1/0430/1851/8681/files/27690174818.pdf
- https://cdn.shopify.com/s/files/1/0438/6720/9893/files/jubasaledif.pdf
- https://cdn.shopify.com/s/files/1/0438/2598/7734/files/jumupoturutivuxu.pdf
- https://cdn.shopify.com/s/files/1/0432/2590/7368/files/35255020194.pdf
- https://cdn.shopify.com/s/files/1/0428/3210/1543/files/30206054278.pdf
- https://cdn.shopify.com/s/files/1/0432/9088/6299/files/suzamonobuxagugopixig.pdf
- https://cdn.shopify.com/s/files/1/0430/9054/2743/files/savagapuzoxulujuk.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://cdn.shopify.com/s/files/1/0429/7038/2490/files/59363119809
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007d7e.bin4b4ca8e88be6ae004b20a6dc7e0a9ff28ddf78478d523c9befa59cc72701913a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7D7E | 5356 bytes |
font_01_sfnt_off00008f96.bince8176f0423b26e8cb897ab0e7e5221a8213fd20b5cd14ac9e573b97068577f7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8F96 | 10544 bytes |
font_02_sfnt_off0000b3e0.bind8a1a34de14a7b8fce5e51635835121d353d188f9ac9ce1e11538509fd4c5cdc |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB3E0 | 16060 bytes |
font_03_sfnt_off0000c8b4.bine83c1dccab69d7f71f2f792575b8facba2d9987ffe48f230e8191163702bb453 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC8B4 | 4028 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.