MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a large number of embedded links, many of which point to external PDF files, suggesting a link farm for SEO manipulation or to hide malicious redirects. One critical heuristic identified a link to a known malicious redirector, `https://ttraff.cc/pify?keyword=free+download+niv+bible+pdf+format`, which is likely intended to lead the user to a malicious site. The document body contains text related to 'free download niv bible pdf format', reinforcing the lure. No scripts were extracted from this sample.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=free+download+niv+bible+pdf+format
- http://jetibaxib.mollyjoseph2.com/uploads/1/3/0/8/130814411/midevavowepalub.pdf
- http://files.frank-webb.com/uploads/1/3/1/4/131453574/7997259.pdf
- http://zuvugofaf.deiduemondi.com/uploads/1/3/1/3/131383314/1413362.pdf
- http://files.sandiegocsi.org/uploads/1/3/1/4/131454040/jukofaxedim.pdf
- http://jumag.gardenpathindoor.com/uploads/1/3/1/6/131636725/duzesezepanebi_jumanedevipa_vuzuneludu_penebimuwonawad.pdf
- https://cdn.shopify.com/s/files/1/0447/8284/6109/files/bazigar_novel_download.pdf
- https://cdn.shopify.com/s/files/1/0435/2560/3488/files/apprendre_le_piano_seul.pdf
- https://cdn.shopify.com/s/files/1/0437/5327/5546/files/vikelijajegapemidixewufab.pdf
- https://cdn.shopify.com/s/files/1/0429/2011/6380/files/logag.pdf
- https://cdn.shopify.com/s/files/1/0435/0397/6614/files/91928446981.pdf
- https://cdn.shopify.com/s/files/1/0433/8896/0933/files/the_tattooist_of_auschwitz_online.pdf
- https://cdn.shopify.com/s/files/1/0434/0088/8469/files/object_thinking_david_west.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/57032902602.pdf
- https://cdn.shopify.com/s/files/1/0431/1256/2849/files/lejijeretuva.pdf
- https://cdn.shopify.com/s/files/1/0430/3618/0634/files/zudadipevejivedadajum.pdf
- https://cdn.shopify.com/s/files/1/0433/7218/3703/files/95809033423.pdf
- https://cdn.shopify.com/s/files/1/0431/4306/9845/files/72989441379.pdf
- https://cdn.shopify.com/s/files/1/0431/5276/9192/files/fusasavev.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007411.bin69e994bf924218da85ec29ceb1c6c1363c476d59feea10ea160e1c6335668ef5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7411 | 5256 bytes |
font_01_sfnt_off000085ef.bin0d7098afc67803da6493c0ab2284b64ebdef48abdc84cc447c424bf59e130fb6 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x85EF | 10704 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.