MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a link farm and a specific malicious redirector URL, indicating a phishing or scam attempt. The primary malicious URL is https://ttraff.com/pify?keyword=katalog+mcb+schneider+2018+pdf, which is designed to lure users into clicking by disguising itself as a catalog. The document body, though heavily obfuscated, contains references to this URL and other Shopify links, reinforcing the lure.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=katalog+mcb+schneider+2018+pdf
- http://files.derrickanthonyking.com/uploads/1/3/2/6/132695408/5869172.pdf
- http://ripokego.paintingsbyashley.com/uploads/1/3/0/9/130969742/xemifadapaboxum_fulosiju_disinimika.pdf
- http://files.fliperentiating.com/uploads/1/3/1/1/131164386/veloguvitetaled.pdf
- http://files.printjazz.com/uploads/1/3/0/9/130969543/6518574.pdf
- http://files.mrsrolen.com/uploads/1/3/1/4/131407194/nigimoxuzoxexatut.pdf
- https://cdn.shopify.com/s/files/1/0432/7853/2758/files/96174289176.pdf
- https://cdn.shopify.com/s/files/1/0433/0625/4494/files/95188123142.pdf
- https://cdn.shopify.com/s/files/1/0449/8967/7736/files/commercial_appraisal_report.pdf
- https://cdn.shopify.com/s/files/1/0431/3530/3831/files/45630238878.pdf
- https://cdn.shopify.com/s/files/1/0427/9320/5916/files/magumemamenatex.pdf
- https://cdn.shopify.com/s/files/1/0433/5029/4687/files/jailbreaking_ipod_6._1._6.pdf
- https://cdn.shopify.com/s/files/1/0436/9186/8313/files/common_stocks_and_uncommon_profits_drive.pdf
- https://cdn.shopify.com/s/files/1/0437/3420/4567/files/57183747245.pdf
- https://cdn.shopify.com/s/files/1/0431/4457/7185/files/gb_whatsapp_uptodown_apk.pdf
- https://cdn.shopify.com/s/files/1/0427/4556/1254/files/most_confusing_questions_with_answers.pdf
- https://cdn.shopify.com/s/files/1/0437/7303/4658/files/87206554548.pdf
- https://cdn.shopify.com/s/files/1/0435/2039/3375/files/anglo_link_english_grammar.pdf
- https://cdn.shopify.com/s/files/1/0428/9508/1625/files/wutedovewedisutuze.pdf
- https://cdn.shopify.com/s/files/1/0431/4791/9516/files/21080747954.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000060b3.bine59d5a6e6ecccdb9d3b47c769f29b9d0ce64aaea3ae5a1a8d728119bb02085b7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x60B3 | 6200 bytes |
font_01_sfnt_off000075a5.bineaed4baf641247f54ae45e354f1bbea44ddf60920b387c162e13ba79c71001e3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x75A5 | 14336 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.