MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded links, identified as a link farm. One of these links, 'https://ttraff.club/wix?keyword=patton+high+school+morganton+nc', points to a known malicious redirector. The document body appears to be obfuscated or corrupted, but the presence of numerous external links strongly suggests a malicious intent, likely to lure users to malicious sites for phishing or malware delivery.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=patton+high+school+morganton+nc
- http://files.hollywoodroadchurchofchrist.com/uploads/1/3/2/7/132740399/gexubuloru.pdf
- http://files.spinesurgerycleveland.com/uploads/1/3/1/4/131408581/8e316c1df0a5614.pdf
- http://vumid.lshstheatreparents.com/uploads/1/3/1/0/131070197/35296.pdf
- http://files.autorematch.com/uploads/1/3/1/3/131383398/af45609f700301.pdf
- http://files.horshampacovid19.org/uploads/1/3/2/7/132741064/5074762.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/69865881622.pdf
- https://cdn.shopify.com/s/files/1/0437/7670/4664/files/jeevan_shanti_lic_proposal_form.pdf
- https://cdn.shopify.com/s/files/1/0430/8969/0773/files/cayenne_gts_manual_transmission.pdf
- https://cdn.shopify.com/s/files/1/0436/4078/3008/files/dijajoraxalusebid.pdf
- https://cdn.shopify.com/s/files/1/0431/3595/9202/files/25230542707.pdf
- https://cdn.shopify.com/s/files/1/0432/6745/7188/files/poledofewikatikad.pdf
- https://cdn.shopify.com/s/files/1/0439/4532/8808/files/certificate_of_origin_template.pdf
- https://cdn.shopify.com/s/files/1/0467/5724/9187/files/algoritmos_de_ordenamiento_en_java.pdf
- https://cdn.shopify.com/s/files/1/0431/2216/3876/files/xuboxarumuzogosazedaposav.pdf
- https://da878199-bae3-4172-a86f-e8323774da35.filesusr.com/ugd/694d5d_d5c0dc15a54b4ecfbc657d7af2e511b0.pdf?index=true
- https://e95462f2-dcf4-49fe-94a3-4e33e7f5fe3b.filesusr.com/ugd/834936_a81e67a885c243c9891cbe54706cc94c.pdf?index=true
- https://2cc25ae5-7d55-4878-9376-ad38b38d8286.filesusr.com/ugd/4c1554_856c7c966ce94ca58a5f0ff851ec8706.pdf?index=true
- https://01ce47f5-ce7b-4be2-aa22-2b5a5f2a11d8.filesusr.com/ugd/8e66a5_b454c8d44eda4b81803df1132462cd2c.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005efb.bin4414dbbfd1f13421e484a57918f0317c535a69554b8c197170fa9859b128c58a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5EFB | 5216 bytes |
font_01_sfnt_off00007093.binbd366828e710855b023533ad4efcfd37bff5aeab850217f51feec6f4f6acef58 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7093 | 10284 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.