MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a significant number of embedded links, with one heuristic specifically identifying it as a 'PDF SEO Link Farm'. The primary malicious link, 'https://ttraff.ru/pify?keyword=teleport+photo+editor+apk+free', suggests a potential lure or redirector. The document body is heavily obfuscated and contains a mix of seemingly random characters and URLs, further supporting the idea of a malicious document designed to manipulate search engine results or redirect users to harmful content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=teleport+photo+editor+apk+free
- http://mupujemu.wakullagridironclub.com/uploads/1/3/1/3/131398102/e80f22.pdf
- http://widajufi.depthstiny.com/uploads/1/3/0/8/130814579/jajuvabegojenoj.pdf
- https://cdn.shopify.com/s/files/1/0434/3149/3784/files/venekajedovib.pdf
- https://cdn.shopify.com/s/files/1/0438/3683/3952/files/33828158254.pdf
- https://cdn.shopify.com/s/files/1/0429/7539/5993/files/lutevapitevujemelujonil.pdf
- https://cdn.shopify.com/s/files/1/0438/8493/7384/files/trastornos_alimentarios_en_la_adolescencia.pdf
- https://cdn.shopify.com/s/files/1/0439/2773/2379/files/nivotaxewujitapalazuge.pdf
- https://cdn.shopify.com/s/files/1/0429/2725/9815/files/platform_glitter_high_heel_shoes.pdf
- https://cdn.shopify.com/s/files/1/0430/5698/8311/files/62658613941.pdf
- https://cdn.shopify.com/s/files/1/0429/8421/0583/files/90493436341.pdf
- https://cdn.shopify.com/s/files/1/0434/3391/8616/files/xaxivelumin.pdf
- https://cdn.shopify.com/s/files/1/0434/3011/7526/files/90537683231.pdf
- https://cdn.shopify.com/s/files/1/0431/7125/0336/files/97331390592.pdf
- https://cdn.shopify.com/s/files/1/0430/1350/5185/files/49088060939.pdf
- https://cdn.shopify.com/s/files/1/0431/2160/6820/files/80811723587.pdf
- https://cdn.shopify.com/s/files/1/0433/0723/7531/files/architecting_with_google_cloud_platform_exam.pdf
- https://cdn.shopify.com/s/files/1/0432/7266/7296/files/xefobibamuvibe.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000524c.bineb2c191fd1587a7762a77b9898d13e935de5e7da4484875f50406553c0d528e7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x524C | 4964 bytes |
font_01_sfnt_off0000632a.bina036a4aa256dfcad0d4488af6e78968c0a7b51d66abf8bac9f1f445ec037a4cd |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x632A | 10196 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.