MALICIOUS
Risk Score: 140
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.002 Malicious Link
The PDF document contains a mass external link farm, with many links pointing to PDF files hosted on Shopify. One prominent link, 'https://ttraff.cc/pify?keyword=netflix+message+s+on+too+many+devices', is identified as a malicious redirector. The document body also contains text consistent with a callback phishing or tech-support scam lure, asking the user to call a number in a billing or security context. The presence of a malicious redirector and the callback lure strongly suggest a phishing or scam attempt.
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Callback phishing phone lure (medium, SE_CALLBACK_LURE): Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context, consistent with callback phishing or tech-support scam patterns.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL
- https://ttraff.cc/pify?keyword=netflix+message+s+on+too+many+devices
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00005f73.bin 5e45e4c30af29d424c35c1dc0c0711d156486b18e02c54f26b00cbbbc1c8ff97 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5F73 | 5444 bytes |
| font_01_sfnt_off000071fd.bin f9babf84960de3deb900244b69ca90f1f1b50a30d4491a5a25e936a463b05943 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x71FD | 9704 bytes |