MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF document was identified as malicious due to its inclusion of numerous embedded links. One critical heuristic indicates a PDF link to known malicious redirector infrastructure, specifically 'https://ttraff.com/pify?keyword=diet+plan+for+bodybuilding+beginners+pdf'. Another heuristic flagged it as a PDF SEO link farm, with many links pointing to Shopify-hosted PDFs. The document body, though partially corrupted, also contains the same redirector URL and references to 'diet plan for bodybuilding beginners pdf', suggesting a lure to entice users to click malicious links.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=diet+plan+for+bodybuilding+beginners+pdf
- http://files.hermanworks.com/uploads/1/3/1/4/131407148/farobamobabum_mifotedopa.pdf
- http://files.ddssullivan.com/uploads/1/3/1/4/131453194/a92c650cf78924.pdf
- http://files.empoweredwellness.org/uploads/1/3/1/4/131438814/7144139.pdf
- http://botadoru.demonjardin.com/uploads/1/3/0/7/130738732/7319515.pdf
- https://cdn.shopify.com/s/files/1/0429/8119/5927/files/zirukijaxawivato.pdf
- https://cdn.shopify.com/s/files/1/0433/7867/1783/files/candlestick_continuation_patterns.pdf
- https://cdn.shopify.com/s/files/1/0439/7232/9630/files/php_zip_code_validation.pdf
- https://cdn.shopify.com/s/files/1/0437/5927/2090/files/sobinasogidu.pdf
- https://cdn.shopify.com/s/files/1/0429/2670/2758/files/movefipuzagupu.pdf
- https://cdn.shopify.com/s/files/1/0429/8299/8170/files/56439031821.pdf
- https://cdn.shopify.com/s/files/1/0431/3645/0717/files/naruto_shippuuden_episode_77.pdf
- https://cdn.shopify.com/s/files/1/0438/0393/4877/files/vibufofiweza.pdf
- https://cdn.shopify.com/s/files/1/0433/7926/1590/files/favirifejekodironufadafak.pdf
- https://cdn.shopify.com/s/files/1/0427/9179/6902/files/abstract_nouns_in_english.pdf
- https://cdn.shopify.com/s/files/1/0430/2068/1377/files/witinaleroxelu.pdf
- https://cdn.shopify.com/s/files/1/0428/2348/3548/files/72556339893.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006d9d.bin99c896660610ab68e010d938d299f154cc29cdef5aad0892437692d713e48f84 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6D9D | 5452 bytes |
font_01_sfnt_off00008031.bin0790164c232e9d85adca6d44f78158cdc51ab620803f9a82f6eb0854f1f3c565 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8031 | 10304 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.