MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a prominent link disguised as a download for 'Navodaya answer sheet sample 2019'. This link, 'https://ttraff.club/wix?keyword=navodaya+answer+sheet+sample+2019', is flagged as a malicious redirector. The document also exhibits characteristics of a link farm, with numerous embedded URLs, many pointing to Shopify. The presence of a visual download button further supports a social engineering lure. No scripts were extracted, but the primary malicious activity appears to be redirecting the user to a malicious site via a deceptive link.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=navodaya+answer+sheet+sample+2019
- https://cdn.shopify.com/s/files/1/0430/2825/0781/files/90206268776.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/84312174386.pdf
- https://cdn.shopify.com/s/files/1/0431/0587/8167/files/devipiwow.pdf
- https://cdn.shopify.com/s/files/1/0432/7515/7670/files/xufexapepimoripur.pdf
- https://cdn.shopify.com/s/files/1/0432/8977/2190/files/lubap.pdf
- https://static.usrfiles.com/ugd/e2c250_2feacccd570c43da9870658c367dcb60.pdf
- https://static.usrfiles.com/ugd/87d215_6ca7b5afd1dc40f49947d67e84789f4e.pdf
- https://static.usrfiles.com/ugd/e6092c_5ab34b07ec964961abbe56820f855b1c.pdf
- https://cdn.shopify.com/s/files/1/0433/8424/2337/files/44807183898.pdf
- https://cdn.shopify.com/s/files/1/0432/2449/8333/files/assessment_in_special_needs_education.pdf
- https://cdn.shopify.com/s/files/1/0433/0877/7637/files/gajujisiwadetewogub.pdf
- https://cdn.shopify.com/s/files/1/0432/2613/6743/files/qualities_of_transactional_leadership.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/bovabokuvuxinapuwukiberem.pdf
- https://cdn.shopify.com/s/files/1/0429/9620/3679/files/bubanoborifen.pdf
- https://cdn.shopify.com/s/files/1/0428/7243/8947/files/22639398235.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006761.bin7e4b531029d3e262b0b5cb913b5e937892b73ef854d334633bc30d1df29c3bf4 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6761 | 5904 bytes |
font_01_sfnt_off00007b74.bina89015a7a651b612389b15b167331f84c93076c10509a2f2ab87762b19491168 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7B74 | 10192 bytes |
font_02_sfnt_off00009e88.bin024ba34e44d6edd0b1f57ea722a940194259d8b5942f97f5f476c38d0f2edf16 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9E88 | 7980 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.