MALICIOUS
Risk Score: 130
Malware Insights
MITRE ATT&CK
T1566.002 Phishing: Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a mass external link farm, with many links pointing to benign Shopify domains, but one critical link to `https://ttraff.cc/wix?keyword=muzzle+flash+effect+free` which is identified as a malicious redirector. The document also contains a visual download button lure, suggesting the user is intended to click the malicious link. No scripts were extracted from this sample.
Heuristics 4
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ttraff.cc/wix?keyword=muzzle+flash+effect+free
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00006690.bin b18eebcee6b91a7bc60632fa5204e3db03086acaef55cb7fc1f5d3c9fc23230e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6690 | 5024 bytes |
| font_01_sfnt_off000077ab.bin 4910d0177da9f60ecc92c13a34fae8c5c38ffafb9e4e22a3c3fd987548b79157 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x77AB | 6148 bytes |
| font_02_sfnt_off0000878c.bin 69df9fcedea5d83dd09b291e1735cf30fada59380360da9ec1c61c947833a05c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x878C | 10524 bytes |