MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a large number of embedded links, many of which point to external sites. One critical heuristic identified a link to a known malicious redirector, ttraff.com, which is presented in the document body as an 'English unlimited placement test pdf'. This suggests a social engineering lure to trick users into clicking the link. The file also contains numerous other links to Shopify-hosted PDFs, likely part of a link farm to improve search engine ranking for malicious content. No scripts were extracted, but the primary attack vector appears to be the malicious redirector.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=english+unlimited+placement+test+pdf
- http://files.ucointernational.com/uploads/1/3/1/4/131453969/satikivowabu-vajukopuzig-gubarodixekuba-jurowob.pdf
- http://files.dassiedahan-author.com/uploads/1/3/1/4/131436971/wixodasa.pdf
- http://files.loveglitter.com/uploads/1/3/1/3/131398362/4106793.pdf
- http://files.canyoncitygrill.com/uploads/1/3/1/4/131407459/719052.pdf
- https://cdn.shopify.com/s/files/1/0438/2264/5408/files/cash_flow_forecasting_in_software_project_management.pdf
- https://cdn.shopify.com/s/files/1/0432/0844/2020/files/verypdf_to_word_ocr_converter_serial_key.pdf
- https://cdn.shopify.com/s/files/1/0434/4227/4471/files/inkscape_manual_free_download.pdf
- https://cdn.shopify.com/s/files/1/0427/4746/1788/files/74174794581.pdf
- https://cdn.shopify.com/s/files/1/0431/9700/5981/files/ap_grama_sachivalayam_syllabus_2020_in_telugu.pdf
- https://cdn.shopify.com/s/files/1/0429/6772/8279/files/2383872361.pdf
- https://cdn.shopify.com/s/files/1/0435/2973/2248/files/fubetirilota.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/6565103434.pdf
- https://cdn.shopify.com/s/files/1/0435/4346/2037/files/bojupemoxoselu.pdf
- https://cdn.shopify.com/s/files/1/0427/6885/9303/files/54567983993.pdf
- https://cdn.shopify.com/s/files/1/0433/5150/7094/files/6114024340.pdf
- https://cdn.shopify.com/s/files/1/0430/2585/8711/files/duwipuzinosin.pdf
- https://cdn.shopify.com/s/files/1/0431/8383/3249/files/54555945884.pdf
- https://cdn.shopify.com/s/files/1/0432/3573/7755/files/d_alembert_principle.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005bb4.bin7d39ca14f2eda49f8fb09afaf7dc4538af2999e6a23974655954e48603428de6 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5BB4 | 5432 bytes |
font_01_sfnt_off00006e06.binfb35211248b1d9c43a0c45d10c63e22534aaf970be506ecc3a1887c92ba5e69e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6E06 | 10412 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.