Verdict: MALICIOUS
Risk Score: 120
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.001 Malicious Link
T1059.001 PowerShell
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to 'https://ttraff.ru/pify?keyword=ashraful+hidaya+part+2'. Additionally, it exhibits characteristics of a PDF link farm, with numerous embedded links, many hosted on Shopify. The document body contains obfuscated text and a reference to the malicious URL, suggesting an attempt to disguise the malicious intent. The primary goal appears to be directing the user to malicious infrastructure.
Heuristics (3)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted URLs:
- https://ttraff.ru/pify?keyword=ashraful+hidaya+part+2
- http://files.pastor-dobi.com/uploads/1/3/0/9/130969052/e0a8dae049d.pdf
- http://files.5degreespsychotherapy.com/uploads/1/3/1/4/131454221/8b14fd1e06.pdf
- http://lurexotek.powysdragons.com/uploads/1/3/1/0/131070588/d367351c3c7574.pdf
- https://cdn.shopify.com/s/files/1/0439/4277/2891/files/22388218380.pdf
- https://cdn.shopify.com/s/files/1/0431/7442/8827/files/gojadanojomawokosupexip.pdf
- https://cdn.shopify.com/s/files/1/0437/7945/7173/files/9505222173.pdf
- https://cdn.shopify.com/s/files/1/0437/0441/8455/files/army_of_two_xbox_360.pdf
- https://cdn.shopify.com/s/files/1/0437/7765/4942/files/dupibafopobijosuforuki.pdf
- https://cdn.shopify.com/s/files/1/0433/4315/1272/files/97577891358.pdf
- https://cdn.shopify.com/s/files/1/0432/3826/0899/files/nojanutogimu.pdf
- https://cdn.shopify.com/s/files/1/0438/5187/4466/files/kotusetemomaxatag.pdf
- https://cdn.shopify.com/s/files/1/0434/7707/4077/files/types_of_industrial_boilers.pdf
- https://cdn.shopify.com/s/files/1/0440/9055/6568/files/71373483125.pdf
- https://cdn.shopify.com/s/files/1/0429/5357/2515/files/fundamentals_of_differential_calculus.pdf
- https://cdn.shopify.com/s/files/1/0431/0299/4586/files/yt_www_watchqueue_loadthumbnails.pdf
- https://cdn.shopify.com/s/files/1/0430/5358/0437/files/29712345567.pdf
- https://cdn.shopify.com/s/files/1/0432/8466/0380/files/candela_italy_application_form.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000686b.bin | 288cf1721550c8860fd321738abf8e2e858a0c34129e32d782b71616845d9748 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x686B | 5352 bytes |
| font_01_sfnt_off00007aa0.bin | a2e65e67f7b61522de0fc1085dcf143287276607223a74e640597a771e981b9e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7AA0 | 10024 bytes |
| font_02_sfnt_off00009d12.bin | a9f399e294a79e74dc4239344c45ec32fd8bb7b71716ce8552b9356c04a52e7c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9D12 | 16952 bytes |