MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a heuristic firing for a malicious redirector link and a link farm. The document body, though heavily obfuscated, contains the URL 'https://ttraff.cc/pify?keyword=pa+driving+manual', which is flagged as a malicious redirector. This suggests the document is designed to trick users into visiting a malicious site by presenting a seemingly legitimate link.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/pify?keyword=pa+driving+manual
- http://files.crescentmortgagecompany.com/uploads/1/3/0/7/130739204/sesafutajajalivewok.pdf
- http://files.redpointfitness.net/uploads/1/3/0/9/130969260/1699870b.pdf
- http://files.uccststephens.net/uploads/1/3/1/4/131438167/40d07df84.pdf
- http://files.puremichiganminiaussies.com/uploads/1/3/0/8/130814680/soterogu_botoguge_wekadulufufa.pdf
- https://cdn.shopify.com/s/files/1/0432/0762/2824/files/xemibinew.pdf
- https://cdn.shopify.com/s/files/1/0433/1431/5422/files/lawinuv.pdf
- https://cdn.shopify.com/s/files/1/0433/6081/3208/files/gawifev.pdf
- https://cdn.shopify.com/s/files/1/0431/0928/6050/files/13598569231.pdf
- https://cdn.shopify.com/s/files/1/0431/7691/9194/files/41906210919.pdf
- https://cdn.shopify.com/s/files/1/0436/6663/6953/files/77101210232.pdf
- https://cdn.shopify.com/s/files/1/0430/7186/4993/files/51984998356.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/potiwabuvufepatene.pdf
- https://cdn.shopify.com/s/files/1/0434/4286/4289/files/74041620115.pdf
- https://cdn.shopify.com/s/files/1/0429/8804/4442/files/48903686451.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000050ed.bin423684a2465f61c2012c1d4e74e639c52344eba2a81e49f9e6ec440b1514bde4 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x50ED | 4160 bytes |
font_01_sfnt_off00005faa.bin53214d1c8faa2ae7cc30f54e634870bd825043b7f71e94ff78bec52ca9f6e084 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5FAA | 4600 bytes |
font_02_sfnt_off00006f1a.bin12b5a9a4a721e98da9139678fabbf03021883e1ce0b33362e9dee8dbb999da4b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6F1A | 10184 bytes |
font_03_sfnt_off000091e0.bind1f4a20f0e35a0564be54678b929bb8c711862c507f070c2b9a6abea8daf4378 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x91E0 | 4324 bytes |
font_04_sfnt_off00009fe0.bin0b4d6c8240cc104420a8e5bca9c1c2e8578c97e20c36d5112918cc4ec254ed86 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9FE0 | 4084 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.