MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, with one critical heuristic identifying a link to a known malicious redirector. The document body, though heavily obfuscated, contains the target URL, suggesting a phishing or redirection attempt. The presence of numerous links points to a link farm strategy to obscure the malicious destination.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=st+john%2527s+and+st+mary+magdalene+edinburgh
- https://4051eda7-c694-4430-b959-768209ed308a.filesusr.com/ugd/95ea6b_e641d8396e234cd8b165a711b3b62a4a.pdf?index=true
- https://3ba26767-039f-4509-a1e6-014d21eab445.filesusr.com/ugd/595093_ca4ef1a609ec491e8c778f535d80a18a.pdf?index=true
- https://603903a9-d415-471a-ae79-3dba15d41a30.filesusr.com/ugd/65b209_689e95d3e914481cb6a9fd640d36eb28.pdf?index=true
- https://69ee42ca-e951-4557-aeb7-2ab7d981b992.filesusr.com/ugd/314c35_0c52c1e33f17454aa9e6b61e4b04ae2b.pdf?index=true
- https://cdn.shopify.com/s/files/1/0432/9183/6566/files/45812176052.pdf
- https://cdn.shopify.com/s/files/1/0429/9476/1877/files/paduxorisupulemokuti.pdf
- https://cdn.shopify.com/s/files/1/0437/6225/3978/files/minecraft_light_sources_that_dont_melt_snow.pdf
- https://cdn.shopify.com/s/files/1/0429/5340/8675/files/fijutomok.pdf
- https://c63bf8a5-a444-4a47-97b1-60bd456491e8.filesusr.com/ugd/96a426_b0d34c40952d4b5cac7732c53ccad983.pdf?index=true
- https://7d3eb3f8-6eea-4332-bfd4-725605c83fc7.filesusr.com/ugd/0bcf16_d5b5dabf1c2e4b24b1501a034e351193.pdf?index=true
- https://574117dd-9bba-4443-a33a-fc645e0f3177.filesusr.com/ugd/278743_df86515de5e940e7a3d48c533df4ba22.pdf?index=true
- https://17d79742-f893-4baf-bf17-9c612fd03759.filesusr.com/ugd/bfbc46_c334a28197354c31a0021f21b938ac8f.pdf?index=true
- https://cdn.shopify.com/s/files/1/0433/8935/4142/files/45342013414.pdf
- https://cdn.shopify.com/s/files/1/0428/9105/1161/files/xumuzanogilevusasulolim.pdf
- https://cdn.shopify.com/s/files/1/0467/9837/3013/files/60296040662.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005a33.bin845fae0ebaa802ebb6ef3fd240b9d4ded0105518b8f77db7c0a95c30ff4eb42f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5A33 | 5696 bytes |
font_01_sfnt_off00006d74.bin0c4fd8f0f98c8d7675cc85c463a03484bad4ecb0aa4e4a272e2106fb7d5f7882 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6D74 | 10760 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.