MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file exhibits characteristics of a link farm, with numerous external links. One of these links, 'https://ttraff.com/pify?keyword=v%25C3%25A1no%25C4%258Dn%25C3%25AD+film+Brandona+routha', is identified as a malicious redirector. The document body appears to be heavily obfuscated or corrupted, but the presence of this malicious link suggests an attempt to redirect the user to a harmful site. The file was generated by wkhtmltopdf, indicating it might be part of a larger phishing or malware distribution scheme.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=v%25C3%25A1no%25C4%258Dn%25C3%25AD+film+Brandona+routha
- http://wevino.animachristiretreats.org/uploads/1/3/0/7/130776008/4424f.pdf
- http://zekemim.elizabethkotite.com/uploads/1/3/1/4/131454415/tudipizaxawizopa.pdf
- http://lutinon.meschkoctt.com/uploads/1/3/1/4/131407995/fd967ebfa.pdf
- https://cdn.shopify.com/s/files/1/0429/5373/6351/files/megutakikevonupijunef.pdf
- https://cdn.shopify.com/s/files/1/0435/1574/0314/files/99746766630.pdf
- https://cdn.shopify.com/s/files/1/0431/0227/3697/files/dajuj.pdf
- https://cdn.shopify.com/s/files/1/0431/7508/4193/files/famiv.pdf
- https://cdn.shopify.com/s/files/1/0433/9436/7649/files/us_home_address.pdf
- https://cdn.shopify.com/s/files/1/0466/5635/6517/files/taribenifuvame.pdf
- https://cdn.shopify.com/s/files/1/0440/9108/0869/files/40452158872.pdf
- https://cdn.shopify.com/s/files/1/0462/3826/9591/files/62995235077.pdf
- https://cdn.shopify.com/s/files/1/0434/6288/5541/files/77961887712.pdf
- https://cdn.shopify.com/s/files/1/0436/5503/7078/files/wenaxotowexexuvedavoxe.pdf
- https://cdn.shopify.com/s/files/1/0428/8839/6959/files/joravevulaliwegofirimis.pdf
- https://cdn.shopify.com/s/files/1/0433/5481/6665/files/blandad_form_division.pdf
- https://cdn.shopify.com/s/files/1/0432/7076/6750/files/schematic_report_sample.pdf
- https://cdn.shopify.com/s/files/1/0429/5429/3402/files/gamafewerupamafotugi.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00015e5d.bin94997bf102e2410b23aebceee9c79dbe73568dd4bc1def579a1a2136a1b79277 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x15E5D | 5508 bytes |
font_01_sfnt_off00017063.binf9f0bd8192e6c9c7278601c6b77bbdeace5a1e0f440da5297a02d5abd93a4a2e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x17063 | 19336 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.