MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF contains a heuristic firing for a malicious redirector link, pointing to 'https://ttraff.com/wix?keyword=reporte+de+inspeccion'. Additionally, it exhibits a PDF link farm heuristic, with numerous links to Shopify-hosted PDFs, suggesting a tactic to obscure malicious intent or distribute content. The document body, though heavily obfuscated, contains the same redirector URL, reinforcing its role as a lure.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=reporte+de+inspeccion
- https://cdn.shopify.com/s/files/1/0440/0008/4126/files/important_full_forms_of_science.pdf
- https://cdn.shopify.com/s/files/1/0433/9915/1768/files/67473924860.pdf
- https://cdn.shopify.com/s/files/1/0435/8357/0083/files/bharat_ane_nenu_song_lyrics.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/37741658126.pdf
- https://cdn.shopify.com/s/files/1/0432/0837/6482/files/72530011841.pdf
- https://cdn.shopify.com/s/files/1/0432/3567/2219/files/xaterafakilezuwude.pdf
- https://cdn.shopify.com/s/files/1/0435/6908/6619/files/pevupozosebovilago.pdf
- https://cdn.shopify.com/s/files/1/0428/7981/1750/files/mewalenumupopimedegakiti.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/mozinetesabelenigifil.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/58097506778.pdf
- https://cdn.shopify.com/s/files/1/0431/3815/4653/files/atlas_of_human_anatomy_and_surgery.pdf
- https://cdn.shopify.com/s/files/1/0438/3395/0370/files/vaxiwaro.pdf
- https://cdn.shopify.com/s/files/1/0434/4102/9276/files/63468454135.pdf
- https://cdn.shopify.com/s/files/1/0437/5583/1445/files/xiguxejejap.pdf
- https://cdn.shopify.com/s/files/1/0430/5453/0714/files/92646997423.pdf
- https://cdn.shopify.com/s/files/1/0462/1772/4057/files/81311759166.pdf
- https://cdn.shopify.com/s/files/1/0431/7482/2044/files/alleluja_nuty.pdf
- https://cdn.shopify.com/s/files/1/0437/3427/0101/files/48332021654.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006260.bin6d7fad79124101fdcb6597dd441102fcf9422e031867fd36c8c6840727ccd7ce |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6260 | 4832 bytes |
font_01_sfnt_off000072de.bin6b27199fbcb7c590e2cc9f77dca819bb73d5398db59d8bcbf23113622346793d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x72DE | 2628 bytes |
font_02_sfnt_off00007e08.binbd53fa18b21899be97b9638c82346f72bcddca889fee4e73d64b0eb05da4882c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7E08 | 11036 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.