MALICIOUS
130
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 User Execution: Malicious Link
The PDF contains a malicious redirector link disguised as a download button, which is a common lure for phishing or malware delivery. The heuristic PDF_MALICIOUS_REDIRECTOR_LINK confirms the malicious nature of the primary URL. Additionally, the PDF_SEO_LINK_FARM heuristic indicates a large number of external links, many of which point to benign Shopify URLs, likely as a distraction or to appear legitimate. The document body contains the primary malicious URL and a generic download lure phrase.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=browsecontrol+free++full
- https://cdn.shopify.com/s/files/1/0440/8652/6102/files/20470048298.pdf
- https://cdn.shopify.com/s/files/1/0430/1642/1529/files/werij.pdf
- https://cdn.shopify.com/s/files/1/0428/3128/2335/files/57650062608.pdf
- https://cdn.shopify.com/s/files/1/0434/8339/8310/files/brigitte_de_suede.pdf
- https://static.usrfiles.com/ugd/33a2e4_c792599eebd44b13afc9ab5d7b3802de.pdf
- https://static.usrfiles.com/ugd/1cc777_839e6d8dbb01455f98b91c20364ec45c.pdf
- https://static.usrfiles.com/ugd/4fb05f_3db89e202e784258b169ff21a80b0b59.pdf
- https://static.usrfiles.com/ugd/c79b1c_2785d4627551429da781642773e076ae.pdf
- https://static.usrfiles.com/ugd/55cc32_d93ef8b35f524806a7d4c3bdd603b143.pdf
- https://static.usrfiles.com/ugd/2b25e8_b4ea5dc40ce841d0a4651c2a073c61b3.pdf
- https://static.usrfiles.com/ugd/cac9e4_9adc1c63c85246bd86a6afdb987f95bc.pdf
- https://static.usrfiles.com/ugd/8c0e65_b546fdc1a437492396fb2b81ae36ad04.pdf
- https://static.usrfiles.com/ugd/6f53d7_57836312de704fbdb64e3e4f36146b5b.pdf
- https://cdn.shopify.com/s/files/1/0437/1211/8952/files/fajufipemu.pdf
- https://cdn.shopify.com/s/files/1/0463/9578/5371/files/bittorrent_utorrent_free.pdf
- https://cdn.shopify.com/s/files/1/0428/9599/9129/files/satupazapexemewebupov.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00005fae.bin8d3612cf0f68d83a473126af961d4975fa5f631d40126f03d5d142b366edb640 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x5FAE | 4808 bytes |
font_01_sfnt_off00007032.bindb3bd33be51a9ae95f82535b7ce4a65a8527ba3cc4e71b38b7a3433d7d6cdd0b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7032 | 10492 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.