MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a significant number of embedded links, a technique often used to distribute malicious content or phish for information. The primary URL, https://ttraff.com/pify?keyword=search+console+api+google+sheets, is identified as a malicious redirector, indicating an attempt to lead the user to a harmful destination. The document body is heavily obfuscated, but the presence of numerous links, including those hosted on Shopify, suggests a link farm or SEO poisoning tactic to lure unsuspecting users. No scripts were extracted, limiting the analysis of direct payload execution.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=search+console+api+google+sheets
- http://biwodura.microskytech.com/uploads/1/3/1/6/131636655/2dffaa7d9df40dc.pdf
- http://files.findingpurposeandjoy.com/uploads/1/3/1/4/131410007/973771e528cdfa1.pdf
- http://sumum.napavalleycharters.com/uploads/1/3/1/8/131871864/7773900.pdf
- https://cdn.shopify.com/s/files/1/0430/1979/6633/files/85666882688.pdf
- https://cdn.shopify.com/s/files/1/0433/3089/6026/files/nopurosalumuzagazuzud.pdf
- https://cdn.shopify.com/s/files/1/0432/5523/4710/files/at_last_a_life_free.pdf
- https://cdn.shopify.com/s/files/1/0432/9121/3990/files/jufenozadutopuw.pdf
- https://cdn.shopify.com/s/files/1/0434/2031/9893/files/51265290030.pdf
- https://cdn.shopify.com/s/files/1/0437/1460/9305/files/sleep_apnea_treatment_options.pdf
- https://cdn.shopify.com/s/files/1/0436/9947/0486/files/82197794237.pdf
- https://cdn.shopify.com/s/files/1/0430/8110/5575/files/guida_turistica_cagliari.pdf
- https://cdn.shopify.com/s/files/1/0430/3739/3049/files/autism_spectrum_disorder_symptoms.pdf
- https://cdn.shopify.com/s/files/1/0434/4093/0983/files/78255063067.pdf
- https://cdn.shopify.com/s/files/1/0431/5945/3845/files/how_to_craft_eye_of_ender.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/libidurekatomanazavevufi.pdf
- https://cdn.shopify.com/s/files/1/0438/9548/8680/files/brewingz_menu.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000085ef.binfad69851c7590b540eb39a6afbf1982a036de35605ea5be4f43fe7e30eb3b30d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x85EF | 5300 bytes |
font_01_sfnt_off000097dd.bind918852899765e28c26fe705dc9d50d83e028b3a9f347d7d67018d527f74f6ad |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x97DD | 10840 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.