MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a link that redirects to malicious infrastructure, as indicated by the PDF_MALICIOUS_REDIRECTOR_LINK heuristic. The document body and numerous embedded URLs suggest a lure to download further content, potentially a malicious payload. The PDF_SEO_LINK_FARM heuristic indicates a large number of external PDF links, many hosted on cdn.shopify.com, which are likely part of a link farm to improve search engine ranking for the malicious content.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=date+sheet+gndu+ba+1st+sem
- http://files.greatcowbasic.com/uploads/1/3/1/8/131856907/bugobadewuderasebado.pdf
- http://mekovijed.confidentlyuare.org/uploads/1/3/1/8/131871462/7059024.pdf
- http://files.doubleimagetheaterlab.com/uploads/1/3/2/6/132681617/67b562ad87.pdf
- http://files.cflhfes.com/uploads/1/3/1/4/131407469/kibaxutup-xonaxawa-xurez.pdf
- http://files.monroecounty2020.com/uploads/1/3/0/8/130873708/7560252.pdf
- https://cdn.shopify.com/s/files/1/0433/4705/0661/files/controls_and_variables_spongebob_answer_key.pdf
- https://cdn.shopify.com/s/files/1/0430/7304/4634/files/zogidofugifawurobe.pdf
- https://cdn.shopify.com/s/files/1/0432/7361/7576/files/18378426603.pdf
- https://cdn.shopify.com/s/files/1/0431/8606/1480/files/53340893807.pdf
- https://cdn.shopify.com/s/files/1/0435/9893/8274/files/katuletemi.pdf
- https://cdn.shopify.com/s/files/1/0434/6095/2229/files/72709135349.pdf
- https://cdn.shopify.com/s/files/1/0428/9318/1087/files/reading_comprehension_past_simple_regular_verbs.pdf
- https://cdn.shopify.com/s/files/1/0429/4580/6503/files/.pdf
- https://cdn.shopify.com/s/files/1/0431/4356/1373/files/colspan_autotable_jspdf.pdf
- https://cdn.shopify.com/s/files/1/0434/1835/3821/files/gipugetumanaja.pdf
- https://cdn.shopify.com/s/files/1/0446/1743/3251/files/meek_mills_traumatized_lyrics.pdf
- https://cdn.shopify.com/s/files/1/0429/7159/4911/files/31409890128.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000072cc.bin8836dbdcd0a1409fc2bb48147863b150f050908025286b9153fe5556a35a3e6a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x72CC | 5304 bytes |
font_01_sfnt_off000084ae.bind3fc7801dfaced349b1e24d5104649b1c008ff1a84506a3a55b03e14f53cfa89 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x84AE | 11012 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.