Malware Insights
The PDF document contains a prominent link that redirects to a known malicious URL, masquerading as a form for 'Aieee 2019'. The document also exhibits characteristics of a link farm, with numerous embedded URLs pointing to various PDF files, likely for SEO manipulation or to host further malicious content. The presence of a 'visible LOLBin command execution instruction' heuristic suggests that the document may also contain embedded commands or instructions for executing malicious scripts or binaries, potentially leveraging tools like PowerShell.
Heuristics (5)

- PDF links to known malicious redirector infrastructure (critical; PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical; PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Visible LOLBin command execution instruction (high; SE_LOLBIN_RUN_COMMAND): Document contains instructions or visible command text involving Windows script/execution tools such as PowerShell, mshta, cmd, rundll32, or regsvr32.
- Visual download / call-to-action button lure (low; SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
- Embedded URL (info; EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off000061bc.bin | 6083f92beb4b503e3d262d6e3d7a1f1734facbdba60758f509efb228dfb8469b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x61BC | 5524 bytes |
| font_01_sfnt_off00007460.bin | f2852d9db7aab5536cae59472268a294e882639e8150c5b25bc40215dde44569 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7460 | 10316 bytes |