Verdict: MALICIOUS (Risk Score 160)

Malware Insights

MITRE ATT&CK:
- T1566.002 Spearphishing Attachment
- T1059.001 PowerShell
- T1204.002 Malicious Link
The PDF file contains numerous embedded links, with one specifically pointing to a known malicious redirector infrastructure. The document body, though heavily obfuscated, contains keywords related to 'charitable trust deed format' and includes the malicious URL, aligning with an advance-fee scam lure. The presence of a link farm suggests an attempt to distribute malicious content or redirect users to phishing sites.
Heuristics (4)
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Advance-fee lottery/parcel scam lure (high, SE_ADVANCE_FEE_SCAM_LURE): Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.ru/pify?keyword=charitable+trust+deed+format
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Hash (hex) | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000d943.bin | 4aba2bb845853324476be69e5ed1bf4ff35002942389efac2b843cac1129f0e9 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD943 | 2828 bytes |
| font_01_sfnt_off0000e33e.bin | 39667d969b246265eb806aa935f9f2a064f32df6949c022c7dc47d7c1fdf54eb | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE33E | 5192 bytes |
| font_02_sfnt_off0000f4b2.bin | 65e8d09f07b6a3e8f05f4ef16abb7978b03475251781b7bfc7499d13760db90f | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF4B2 | 9932 bytes |