MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a large number of embedded links, many of which point to a redirector service. The primary heuristic indicates that these links are designed to lead users to malicious infrastructure. The document body, though heavily obfuscated, contains text related to a 'Panorama journal algerien en arabe pdf', suggesting a lure to obtain this document. The presence of a malicious redirector link is the highest priority IOC.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=panorama+journal+algerien+en+arabe+pdf
- http://files.upcountryfarms.com/uploads/1/3/2/6/132680949/bfe32cf4fb2c05.pdf
- http://files.dawes.work/uploads/1/3/0/7/130775905/bivuxoja-gunisa-samuvoriv.pdf
- http://files.northshorerhythmics.com/uploads/1/3/2/6/132695714/5442721.pdf
- http://files.kathrynprice.co.nz/uploads/1/3/0/7/130776516/503007.pdf
- https://cdn.shopify.com/s/files/1/0433/4406/8773/files/sevafiwimapilofov.pdf
- https://cdn.shopify.com/s/files/1/0431/3117/5063/files/gedaboxanipetalulurakalof.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/jivanup.pdf
- https://cdn.shopify.com/s/files/1/0431/8524/2269/files/83405076691.pdf
- https://cdn.shopify.com/s/files/1/0428/8780/7129/files/43677076907.pdf
- https://cdn.shopify.com/s/files/1/0434/4047/2229/files/zujulime.pdf
- https://cdn.shopify.com/s/files/1/0431/6938/2557/files/fogama.pdf
- https://cdn.shopify.com/s/files/1/0437/4809/8209/files/bajafekuvifumovud.pdf
- https://cdn.shopify.com/s/files/1/0429/6844/9180/files/sasinonugefozawu.pdf
- https://cdn.shopify.com/s/files/1/0432/7945/0272/files/luleteremise.pdf
- https://cdn.shopify.com/s/files/1/0430/8166/2628/files/57591074530.pdf
- https://cdn.shopify.com/s/files/1/0429/0831/9907/files/nizorakunilob.pdf
- https://cdn.shopify.com/s/files/1/0432/4546/9858/files/22339928424.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://cdn.shopify.com/s/files/1/0431/8524/2269/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00008455.binf757c44cd19c9a3d6288a85b4ce91d5ce3280099c834c91d2f76a1c0f64d98f6 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8455 | 5204 bytes |
font_01_sfnt_off000095e0.bin1c3ed9ad32bab2a824904a6758b3b567e10b5052609ce17ef9f03654c1811774 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x95E0 | 12088 bytes |
font_02_sfnt_off0000bc6d.bin56c594585a0de3fa17138b2c97db17756ce4e98fb65518e2075f92215b19b860 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xBC6D | 17068 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.