MALICIOUS
Risk Score: 128
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
T1204.002 Malicious Link
The PDF contains a malicious redirector link pointing to 'ttraff.com', which is flagged as malicious. Additionally, it features a large number of embedded links, many pointing to Shopify, suggesting a link farm for SEO manipulation or to obscure the final malicious destination. The presence of a 'download button' lure further supports a phishing or scam attempt.
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.com/pify?keyword=s1+fancy+svg
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000a87d.bin e4cc27f71ce2bf2027911ef137e41b553b72c55ba6acf7f950e25b2aca358fb5 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA87D | 5240 bytes |
| font_01_sfnt_off0000ba7c.bin 84daf345e21b08075a6e329eeacb0a13a0447ddcc3efc64e98a9a4ab9c6a9d9d | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBA7C | 1936 bytes |
| font_02_sfnt_off0000c3bd.bin 541bb3c304e8c944d4b9a7ce623c6730095cc2af2abd9fb3d9b0876eab450fc6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC3BD | 14592 bytes |
| font_03_sfnt_off0000f244.bin 8bb331f2d9b17dec7f2d4603e3ff1f2e81e28c375b039ffe2b942925158520f1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF244 | 16240 bytes |