MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a heuristic firing for a malicious redirector link pointing to 'https://ttraff.cc/wix?keyword=minutes+template+pages'. It also exhibits characteristics of a PDF SEO link farm, embedding numerous links, with the first being 'https://cdn.shopify.com/s/files/1/0432/0519/7985/files/online_laboratory_reports.pdf'. The document body text, though partially corrupted, includes 'Minutes template pages', suggesting a lure to entice users to click the malicious link. The presence of a malicious redirector indicates an attempt to deliver a secondary payload or redirect to a phishing site.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Fake invoice / payment lure low SE_INVOICE_LUREDocument contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=minutes+template+pages
- https://cdn.shopify.com/s/files/1/0432/0519/7985/files/online_laboratory_reports.pdf
- https://cdn.shopify.com/s/files/1/0427/9923/5228/files/80155326316.pdf
- https://cdn.shopify.com/s/files/1/0431/5018/0503/files/3308052196.pdf
- https://cdn.shopify.com/s/files/1/0434/1461/8277/files/akra_lai_lai_ringtone.pdf
- https://cdn.shopify.com/s/files/1/0436/7079/8489/files/buyer_s_guide.pdf
- https://cdn.shopify.com/s/files/1/0427/5165/6102/files/83634250674.pdf
- https://cdn.shopify.com/s/files/1/0435/0479/5800/files/86389350939.pdf
- https://cdn.shopify.com/s/files/1/0440/1420/7134/files/bikini_body_guide_2._0_reddit.pdf
- https://cdn.shopify.com/s/files/1/0433/0949/8536/files/kofaputevelaz.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/nuxekenosagulowagegur.pdf
- https://cdn.shopify.com/s/files/1/0430/3428/0087/files/creative_design_responsive_html_template.pdf
- https://cdn.shopify.com/s/files/1/0438/2323/5232/files/bufubogadajuwom.pdf
- https://static.usrfiles.com/ugd/34ec99_19e469e27e774e488536126f4f479915.pdf
- https://static.usrfiles.com/ugd/5b5da7_9df687e1ee8549618464e8fd8d946fc6.pdf
- https://static.usrfiles.com/ugd/e42c35_2eed80800e8546d0b460476e3ef737a0.pdf
- https://static.usrfiles.com/ugd/dc6899_fbee53630eee4e3c95bde81ff9f28162.pdf
- https://static.usrfiles.com/ugd/b8c837_0f14f3c6ac4b44149e830a109770851b.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- https://cdn.shopify.com/s/files/1/0432/0519/7
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007efd.bine46ba533e53a31b243c3a60b91fce7f7b568afa65a6cfb4cce6fb368fb301ff9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7EFD | 5048 bytes |
font_01_sfnt_off00009027.bin1c587dc2858243da996b699908f0ef8adcedbe4ab857f0038a3115a02981318f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9027 | 10656 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.