MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was identified as a malicious redirector and a link farm. It contains numerous embedded links, with one pointing to a known malicious redirector at 'ttraff.club'. The document body, though heavily obfuscated, also contains this URL and other benign-looking PDF links hosted on Shopify, suggesting a tactic to disguise malicious intent within a large number of seemingly legitimate links. The primary attack pattern involves luring users to malicious sites via these links.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.club/wix?keyword=wavelet+transform+in+image+processing+matlab+code
- https://cdn.shopify.com/s/files/1/0440/9986/2680/files/corsair_cx500_manual.pdf
- https://cdn.shopify.com/s/files/1/0459/2451/5989/files/benchmark_para_pc.pdf
- https://cdn.shopify.com/s/files/1/0429/8099/9321/files/gojage.pdf
- https://cdn.shopify.com/s/files/1/0457/6237/9940/files/allowance_for_doubtful_accounts_balance_sheet_entry.pdf
- https://cdn.shopify.com/s/files/1/0431/4418/3974/files/scratch_1._4_for_windows_8.pdf
- https://cdn.shopify.com/s/files/1/0433/8538/9212/files/78263339053.pdf
- https://cdn.shopify.com/s/files/1/0429/9672/7961/files/wofadatorunatejadujuguf.pdf
- https://cdn.shopify.com/s/files/1/0429/7333/1609/files/62542400842.pdf
- https://cdn.shopify.com/s/files/1/0429/9587/5989/files/adobe_illustrator_fonts_pack.pdf
- https://cdn.shopify.com/s/files/1/0435/4814/7867/files/zorewopojivafutol.pdf
- https://static.usrfiles.com/ugd/ca9b0a_7da13dd61c5d4c8a99048c82e920bb85.pdf
- https://static.usrfiles.com/ugd/81d6a4_da103b34c85746409cc3f9d5702040a8.pdf
- https://static.usrfiles.com/ugd/bf07b1_d7913b229c8c4a8ca3000d76e1759651.pdf
- https://static.usrfiles.com/ugd/b80405_85e1fc7059f94c4193e4624e8390f6f5.pdf
- https://static.usrfiles.com/ugd/7603ae_f8a276a6cd7149aaaa6a2ac7b9e893a1.pdf
- https://static.usrfiles.com/ugd/173616_d676d07bedf14560880bef6bb7cd33e9.pdf
- https://static.usrfiles.com/ugd/b8c837_784bfa14201d4a65a47962ecca116fc2.pdf
- https://static.usrfiles.com/ugd/87a178_7b332080183b4edebbdbc40f01babad0.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000057e7.bin8a0f3cee642bb043e4134ee79bc72b1fb2807a85d3003988cf34e7d18ecec428 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x57E7 | 5688 bytes |
font_01_sfnt_off00006b35.bindd2ba402e2245810e879bc96628a66a48e7dddfb6dc52f4675347cb540f166e3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6B35 | 10432 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.