MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to `https://ttraff.cc/wix?keyword=chakravyuh+2012+movie++480p`. This URL is presented within the document body, disguised as a search result for a movie. The PDF also contains a large number of embedded links to other PDFs, a technique often used for SEO poisoning or to obscure malicious intent. While the majority of these linked PDFs are benign, the primary redirector is a strong indicator of malicious activity.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=chakravyuh+2012+movie++480p
- https://cdn.shopify.com/s/files/1/0429/6104/3605/files/loch_leven_fishing_reports.pdf
- https://cdn.shopify.com/s/files/1/0429/4190/7100/files/56684931989.pdf
- https://cdn.shopify.com/s/files/1/0465/0011/8680/files/vazokebopudusivizi.pdf
- https://cdn.shopify.com/s/files/1/0433/3145/3081/files/ano_ang_pabula.pdf
- https://cdn.shopify.com/s/files/1/0434/5180/9942/files/34770395681.pdf
- https://cdn.shopify.com/s/files/1/0430/9506/4733/files/michelin_star_guide_california_2019.pdf
- https://cdn.shopify.com/s/files/1/0434/0459/1255/files/vetibasifumoxanawod.pdf
- https://cdn.shopify.com/s/files/1/0432/7135/6582/files/calculus_bc_book.pdf
- https://cdn.shopify.com/s/files/1/0428/1594/6911/files/87633258657.pdf
- https://cdn.shopify.com/s/files/1/0434/4047/2214/files/bukotip.pdf
- https://cdn.shopify.com/s/files/1/0435/6282/7935/files/77627662729.pdf
- https://cdn.shopify.com/s/files/1/0429/7215/1959/files/gorod.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/22271122494.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000718f.bineec87857909a421e3536b6e7272d407871ab6886ef8d62fcbf199dab5682a39b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x718F | 5404 bytes |
font_01_sfnt_off00008401.bin62c6adce4b0e0fe3591fb46d53a77103b83753371e860b8655f030d7a9ff2d61 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8401 | 10336 bytes |
font_02_sfnt_off0000a79f.binead7fd593d7f5feef6f283420e9b55f8fa4552f107c64b0063d474dd3355abd8 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA79F | 16164 bytes |
font_03_sfnt_off0000bcb8.bin9f355172d696dda274cac500966718f112ce76951f19577ac4888987ea6471b2 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xBCB8 | 4324 bytes |
font_04_sfnt_off0000cab9.binaa680b1db804aff061262db2afd3f42e2d4f979240cc3a30dbff3bc037443827 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xCAB9 | 3108 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.