MALICIOUS
160
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
T1059.001 PowerShell
This PDF file contains a lure for a 'computer networking tutorial' which, upon clicking, redirects to a malicious URL. The document also contains a mass external PDF link farm, indicating an attempt to manipulate search engine results or distribute further malicious content. The presence of a remote-support tool lure suggests a potential secondary objective of gaining unauthorized access.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Remote-support tool lure high SE_REMOTE_SUPPORT_LUREDocument instructs the user to install, open, or connect with a remote-support tool such as AnyDesk, TeamViewer, Quick Assist, or ScreenConnect — high-risk in an unsolicited document
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=computer+networking+tutorial+pdf+free+download
- http://files.alycewolfe.com/uploads/1/3/1/3/131381677/nidimipapireji_pefobawavu.pdf
- http://files.arlingtonmsband.com/uploads/1/3/1/6/131606087/ddee7.pdf
- http://files.lakappas.com/uploads/1/3/1/3/131380627/babf9c37c6ee9.pdf
- http://files.thepurposedathlete.com/uploads/1/3/1/4/131438330/1676827.pdf
- http://files.mackcommunications.com/uploads/1/3/2/6/132681054/66f99.pdf
- https://cdn.shopify.com/s/files/1/0437/4649/2565/files/72556620795.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/wefudebavisizaku.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/gofusibosaduxigagixuvoma.pdf
- https://cdn.shopify.com/s/files/1/0437/2656/9633/files/too_much_tnt_mod_1._7_10.pdf
- https://cdn.shopify.com/s/files/1/0433/1415/1589/files/73145117200.pdf
- https://cdn.shopify.com/s/files/1/0436/0513/1421/files/ato_mix_virtual_dj.pdf
- https://cdn.shopify.com/s/files/1/0434/4732/0728/files/8349886241.pdf
- https://cdn.shopify.com/s/files/1/0434/3804/7384/files/32721094607.pdf
- https://cdn.shopify.com/s/files/1/0434/7153/6294/files/sesumilolenazogapeno.pdf
- https://cdn.shopify.com/s/files/1/0432/7905/7056/files/23610391261.pdf
- https://cdn.shopify.com/s/files/1/0435/3127/2351/files/90358162357.pdf
- https://cdn.shopify.com/s/files/1/0434/5298/9605/files/donasamonopuzovepif.pdf
- https://cdn.shopify.com/s/files/1/0431/3173/2132/files/83105890651.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006314.bin8a85408a468d3963a2b49a10979c2bc308859f726502e5f573fedd4bc9678320 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6314 | 5244 bytes |
font_01_sfnt_off000074e8.bin345219abc32de70c53d7bd6f8fa5212d0cc9903fd0ef92aa96a12f8f5bc6d1f4 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x74E8 | 10084 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.