MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious File
The PDF file contains a large number of embedded links, with one specifically pointing to a known malicious redirector. The document body, though heavily obfuscated, contains the same URL and keyword as the malicious redirector link, suggesting a lure for users to click on potentially harmful content. The presence of numerous external PDF links further supports a link farm or SEO manipulation tactic.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/wix?keyword=chemical+kinetics+problems+with+answers+pdf
- https://static.usrfiles.com/ugd/ebbcbd_1463d4dd44d04b2fb6e486c0039dbf5f.pdf
- https://static.usrfiles.com/ugd/b56239_f9be83ef23264607a7c29bccf721dd1f.pdf
- https://static.usrfiles.com/ugd/ea2c45_9660cc890c1149e2b30a1598a67e5510.pdf
- https://static.usrfiles.com/ugd/d775a9_c41a79cb38ca4594a33035974410227f.pdf
- https://static.usrfiles.com/ugd/c6ac46_bf4790414e3b4f509ec1cb99f0100d9d.pdf
- https://cdn.shopify.com/s/files/1/0434/8038/3653/files/spotify_android_hack.pdf
- https://cdn.shopify.com/s/files/1/0434/1956/6231/files/zomad.pdf
- https://cdn.shopify.com/s/files/1/0433/6785/8334/files/thomas_calculus_11th_edition_solution_full_book.pdf
- https://cdn.shopify.com/s/files/1/0430/3519/7602/files/rpg_maker_mv_sprite.pdf
- https://cdn.shopify.com/s/files/1/0433/4980/3159/files/wukum.pdf
- https://cdn.shopify.com/s/files/1/0431/3304/2839/files/84_asanas_of_hatha_yoga.pdf
- https://cdn.shopify.com/s/files/1/0437/1726/3510/files/calvin_and_hobbes_online.pdf
- https://cdn.shopify.com/s/files/1/0438/0511/4528/files/the_economist_style_guide_download.pdf
- https://cdn.shopify.com/s/files/1/0434/4512/5281/files/2011_ford_escape_manual.pdf
- https://cdn.shopify.com/s/files/1/0431/7950/7872/files/64656925474.pdf
- https://cdn.shopify.com/s/files/1/0431/0378/1013/files/wutenitifiwu.pdf
- https://cdn.shopify.com/s/files/1/0435/9431/7981/files/metformina_850_usos.pdf
- https://cdn.shopify.com/s/files/1/0432/3858/8584/files/expanded_form_definition.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000833c.bin0ebfe920abe01fa262fee5cd5c3ea58297afceb7cae29bd80a572f6dc3307bff |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x833C | 5596 bytes |
font_01_sfnt_off0000961d.bined5a1a77bc84039e468727744fe3fa089e58cb1061dc437b06146e609c6b1de5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x961D | 17056 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.