Verdict: MALICIOUS
Risk Score: 128
Malware Insights
MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment
T1204.001 User Execution: Malicious Link
The PDF fires a critical heuristic for a clickable link to known malicious redirector infrastructure, 'https://ttraff.ru/wix?keyword=may+2019+calendar+malayalam'. It also shows PDF link-farm behaviour: a small document embedding numerous external PDF links, the first being 'https://cdn.shopify.com/s/files/1/0432/0083/9842/files/nikko_japan_guide.pdf'. A 'download button' heuristic indicates a call-to-action lure designed to get the user to click those links; the delivery chain depends on user interaction and redirects rather than on a PDF parser vulnerability.
Heuristics (4)

- PDF links to known malicious redirector infrastructure | critical | PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Visual download / call-to-action button lure | low | SE_DOWNLOAD_BUTTON
  Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.). Low-signal unless other findings point to a malicious workflow.
- Embedded URL | info | EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels indicate which channel (macro, JS, link annotation, document body, ...) reached each URL. Those channel labels are not shown in this export; the w3.org, purl.org and ns.adobe.com entries at the end of the list are XMP/RDF metadata namespace URIs, not clickable links.

Extracted URLs:
- https://ttraff.ru/wix?keyword=may+2019+calendar+malayalam
- https://cdn.shopify.com/s/files/1/0432/0083/9842/files/nikko_japan_guide.pdf
- https://cdn.shopify.com/s/files/1/0439/4457/5131/files/72398931834.pdf
- https://cdn.shopify.com/s/files/1/0439/3615/3755/files/81794144053.pdf
- https://cdn.shopify.com/s/files/1/0434/2654/5820/files/apus_launcher_for_android.pdf
- https://cdn.shopify.com/s/files/1/0434/0563/9830/files/alfa_romeo_156_selespeed_manual.pdf
- https://static.usrfiles.com/ugd/289c5e_21054d0b87f34ae4b47625656eeede6e.pdf
- https://static.usrfiles.com/ugd/b8c837_2022674e470743d2b4a94ddb18289e38.pdf
- https://cdn.shopify.com/s/files/1/0429/0389/6217/files/13768110567.pdf
- https://cdn.shopify.com/s/files/1/0432/9691/5621/files/adobe_after_effect_cs6_free_download_32_bit.pdf
- https://cdn.shopify.com/s/files/1/0433/9925/0072/files/76972193649.pdf
- https://cdn.shopify.com/s/files/1/0460/6545/1163/files/seagate_crystal_reports_latest_versi.pdf
- https://static.usrfiles.com/ugd/c7a620_5b2c89372b4f44169fd10ef0b564d97b.pdf
- https://static.usrfiles.com/ugd/02beb7_bafc092ac3eb498d8bd11e89d0bbc386.pdf
- https://static.usrfiles.com/ugd/b8c837_a0bf76ed2e9d4340941d420442a5ad67.pdf
- https://static.usrfiles.com/ugd/b8c837_66d471974631470d906d39d0ad24135d.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
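Detection logic for the three PDF heuristics above, plus the per-channel URL extraction that the EMBEDDED_URL finding refers to, as an added example; this is not the analyzer's own code. It scans raw PDF bytes with regular expressions rather than a real PDF parser, so it only sees uncompressed link annotations and text. The sample PDF is constructed inline, the thresholds (file size, link count, host-cluster share) are assumed values the report does not publish, and the redirector blocklist is an assumption seeded only with ttraff.ru from the finding above.

```python
"""Toy re-implementation of the PDF link-farm / redirector / lure heuristics.

Added example, not the analyzer's code. Regex-based: compressed object streams
and hex-encoded /URI strings are out of scope.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Assumed thresholds and blocklist; the report does not publish its own values.
MAX_SMALL_PDF_BYTES = 64 * 1024
MIN_FARM_LINKS = 8
MIN_HOST_CLUSTER_SHARE = 0.6
KNOWN_REDIRECTOR_HOSTS = {"ttraff.ru"}  # from the finding above; assumed blocklist

URI_ANNOT_RE = re.compile(rb"/URI\s*\(([^)]*)\)")          # link annotations
GENERIC_URL_RE = re.compile(rb"https?://[^\s<>()'\"]+")     # anything else in the body
LURE_RE = re.compile(rb"(?i)click here to download|download now")


def extract_urls(pdf_bytes):
    """Return (url, channel) pairs; channel is 'link_annotation' or 'document_body'."""
    found, seen = [], set()
    for m in URI_ANNOT_RE.finditer(pdf_bytes):
        url = m.group(1).decode("latin-1")
        if url not in seen:
            seen.add(url)
            found.append((url, "link_annotation"))
    for m in GENERIC_URL_RE.finditer(pdf_bytes):
        url = m.group(0).decode("latin-1")
        if url not in seen:          # XMP namespace URIs etc. land here, unclickable
            seen.add(url)
            found.append((url, "document_body"))
    return found


def run_heuristics(pdf_bytes):
    """Return (urls, findings); each finding is (rule_id, severity, detail)."""
    urls = extract_urls(pdf_bytes)
    findings = []
    clickable = [u for u, ch in urls if ch == "link_annotation"]

    for u in clickable:                               # PDF_MALICIOUS_REDIRECTOR_LINK
        if urlparse(u).hostname in KNOWN_REDIRECTOR_HOSTS:
            findings.append(("PDF_MALICIOUS_REDIRECTOR_LINK", "critical", u))

    pdf_links = [u for u in clickable if urlparse(u).path.lower().endswith(".pdf")]
    if len(pdf_bytes) <= MAX_SMALL_PDF_BYTES and len(pdf_links) >= MIN_FARM_LINKS:
        host, n = Counter(urlparse(u).hostname for u in pdf_links).most_common(1)[0]
        if n / len(pdf_links) >= MIN_HOST_CLUSTER_SHARE:   # PDF_SEO_LINK_FARM
            findings.append(("PDF_SEO_LINK_FARM", "critical",
                             f"{len(pdf_links)} .pdf links, {n} on {host}"))

    if LURE_RE.search(pdf_bytes):                     # SE_DOWNLOAD_BUTTON (low signal)
        findings.append(("SE_DOWNLOAD_BUTTON", "low", "call-to-action phrase present"))
    return urls, findings


def build_sample_pdf(urls, lure="Download Now"):
    """Constructed, uncompressed PDF with one link annotation per URL and an XMP packet."""
    annots = b"".join(
        b"<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] /A << /S /URI /URI (%s) >> >>\n"
        % u.encode() for u in urls)
    text = b"BT /F1 12 Tf 72 700 Td (" + lure.encode() + b") Tj ET"
    xmp = (b"<x:xmpmeta xmlns:x='adobe:ns:meta/'>"
           b"<rdf:RDF xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#'/></x:xmpmeta>\n")
    return (b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n"
            b"2 0 obj << /Type /Page /Annots [\n" + annots + b"] >> endobj\n"
            b"3 0 obj << /Length %d >> stream\n" % len(text) + text + b"\nendstream endobj\n"
            b"4 0 obj << /Type /Metadata >> stream\n" + xmp + b"endstream endobj\n%%EOF\n")


# Constructed link set mimicking the report: one host dominates, plus one redirector.
SAMPLE_LINKS = (
    ["https://cdn.shopify.com/s/files/1/0001/%04d/files/guide_%d.pdf" % (i, i) for i in range(10)]
    + ["https://static.usrfiles.com/ugd/deadbeef_%d.pdf" % i for i in range(2)]
    + ["https://ttraff.ru/wix?keyword=sample+lure"]
)

if __name__ == "__main__":
    urls, findings = run_heuristics(build_sample_pdf(SAMPLE_LINKS))
    for url, channel in urls:
        print(f"{channel:16} {url}")
    for rule_id, severity, detail in findings:
        print(f"{severity:8} {rule_id}: {detail}")
```

Note that the w3.org namespace URI from the XMP packet is reported under the document_body channel and never counts toward the link-farm or redirector rules, which only consider link annotations; that is the distinction the EMBEDDED_URL finding makes when it says the URL itself is not a detection.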
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00004a65.bin | f1f61130f7879c6caa1f3095a254a33aeb8c2d3c1d580c7d34110fe79288d606 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4A65 | 5496 bytes |
| font_01_sfnt_off00005d04.bin | bdaa2dfff21cfc883cce15dfe83cfeb185e7ffc197294e2baf05e6272766855c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5D04 | 9092 bytes |