MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains numerous links, with one identified as a malicious redirector pointing to 'ttraff.ru'. This suggests a phishing or scam attempt where the user is tricked into downloading a file or visiting a malicious site. The document body, though heavily obfuscated, contains the malicious URL, reinforcing the attack pattern. No scripts were extracted from this sample.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=bengali+alphabet+in+english+pdf
- http://zezijol.wuxiangyue.com/uploads/1/3/1/0/131070043/lesoj-jararat-jixemiwasafi-fijimuzebu.pdf
- http://files.crossfitwestgeist.com/uploads/1/3/1/3/131384374/rewafejugug.pdf
- http://files.egtny.com/uploads/1/3/1/4/131405977/8fee5.pdf
- http://files.ediblegroup.net/uploads/1/3/1/4/131452988/fapulotitoxufaf.pdf
- http://files.nundahpetsitter.com/uploads/1/3/0/7/130776511/rivosawutusi.pdf
- https://cdn.shopify.com/s/files/1/0427/9474/6023/files/kipuxu.pdf
- https://cdn.shopify.com/s/files/1/0437/8938/5890/files/oppositional_defiant_disorder_in_adults.pdf
- https://cdn.shopify.com/s/files/1/0428/5713/6294/files/90599462368.pdf
- https://cdn.shopify.com/s/files/1/0433/0936/7454/files/690103846.pdf
- https://cdn.shopify.com/s/files/1/0432/8135/0820/files/twitter_gif_to_phone.pdf
- https://cdn.shopify.com/s/files/1/0432/3295/2477/files/fezuvularavev.pdf
- https://cdn.shopify.com/s/files/1/0459/6485/3408/files/kepabibawuzapikum.pdf
- https://cdn.shopify.com/s/files/1/0440/1725/4565/files/tamil_horror_movies_2017.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 6
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00012981.binbbbab746b071383d76341357a0b359db653851d4e4ff5f9682431d61eebae7fb |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x12981 | 5396 bytes |
font_01_sfnt_off00013bcb.bin6151475bfeb89be45904469037e69d4bee45ead0e9043423067d077dc7ce526d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x13BCB | 60128 bytes |
font_02_sfnt_off0001ba53.bin251a2f4f4c4a76381eb99f81b8648b9923d8c9317ec4c29863ad6115ea680532 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1BA53 | 3056 bytes |
font_03_sfnt_off0001c727.bin7efea924d3d3176a21374a0247da017124abcefc03e39e0f11c52e078be63258 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1C727 | 20352 bytes |
font_04_sfnt_off000200bd.bin55ee31f2b9c575572aca401957c5cf2f3b57b55b1dd57d1bb6d1e144d3512b41 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x200BD | 16088 bytes |
font_05_sfnt_off000215ab.bin4c077d0f29845b2046e8e0684185c93ee80f1532764475e8ad2c9e44b4253371 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x215AB | 2280 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.