MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a heuristic firing for a malicious redirector link, specifically pointing to 'https://ttraff.ru/pify?keyword=konica+autoreflex+tc+user+guide'. The document body, though heavily obfuscated, contains references to this URL and other embedded URLs, suggesting a link farm or redirection scheme. The presence of numerous external PDF links, many hosted on Shopify, further indicates a potential SEO poisoning or link farm tactic to distribute malicious content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=konica+autoreflex+tc+user+guide
- http://files.curielkitchendesigns.co.uk/uploads/1/3/1/8/131856326/f384d4c795948.pdf
- http://xigokoda.brookebittel.com/uploads/1/3/2/6/132682883/gipis-xanunarikufu-posuwoxujuwe.pdf
- http://files.npquinn.com/uploads/1/3/1/6/131606118/mozerazurafi.pdf
- http://files.nealybirthandlactation.com/uploads/1/3/1/0/131070895/zogozorumipas-sudadarowiro-fepofonel-tudeverigax.pdf
- http://monoxi.juditvarga.net/uploads/1/3/1/0/131070858/4856670.pdf
- https://cdn.shopify.com/s/files/1/0434/2317/0710/files/55007442020.pdf
- https://cdn.shopify.com/s/files/1/0440/2737/9877/files/activity_books_for_11_year_olds.pdf
- https://cdn.shopify.com/s/files/1/0443/9402/1030/files/demenaloxov.pdf
- https://cdn.shopify.com/s/files/1/0429/8945/3473/files/91796424159.pdf
- https://cdn.shopify.com/s/files/1/0441/3492/4440/files/favuvun.pdf
- https://cdn.shopify.com/s/files/1/0437/8106/2817/files/ramiwemaxusivebutozope.pdf
- https://cdn.shopify.com/s/files/1/0430/1042/4985/files/wabetesuna.pdf
- https://cdn.shopify.com/s/files/1/0430/4817/3722/files/73594045162.pdf
- https://cdn.shopify.com/s/files/1/0431/9716/9824/files/lonaj.pdf
- https://cdn.shopify.com/s/files/1/0438/1815/6192/files/barefoot_in_the_park_play_script_free.pdf
- https://cdn.shopify.com/s/files/1/0441/1896/6424/files/golf_course_website_design_templates.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000601d.bin4ebf429bd70b9455bc2a1d8b2b7ac79ea4c782ba76bee139b88a880331e529e9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x601D | 5224 bytes |
font_01_sfnt_off000071f4.bin761693375fc265176bc3f95572370efeb36d4288903365dc6badeb91a74fd6d4 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x71F4 | 10192 bytes |
font_02_sfnt_off00009505.bin028dbaa76d48ae99b02248bacea50134e27ed131f5dd39e25ac401de8961e19b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9505 | 16312 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.