MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains a heuristic firing for a malicious redirector link, which points to 'https://ttraff.me/wix?keyword=automatic+control+textbook+pdf'. This URL is presented in a way that mimics a search result for a textbook, likely to trick users into clicking it. The document body, though heavily obfuscated, also contains this URL and numerous other links hosted on cdn.shopify.com, suggesting a link farm or SEO poisoning tactic. No scripts were extracted from this sample.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.me/wix?keyword=automatic+control+textbook+pdf
- https://cdn.shopify.com/s/files/1/0429/1746/2182/files/bruce_lipton_libros.pdf
- https://cdn.shopify.com/s/files/1/0433/7260/9686/files/worofuxusedipomokuj.pdf
- https://cdn.shopify.com/s/files/1/0427/8140/9436/files/92203920601.pdf
- https://cdn.shopify.com/s/files/1/0432/3724/5086/files/66242386944.pdf
- https://cdn.shopify.com/s/files/1/0437/8296/3349/files/88785607136.pdf
- https://cdn.shopify.com/s/files/1/0430/0010/3073/files/tugusisugi.pdf
- https://cdn.shopify.com/s/files/1/0431/5149/1236/files/99723384794.pdf
- https://cdn.shopify.com/s/files/1/0437/5733/8776/files/64037786711.pdf
- https://cdn.shopify.com/s/files/1/0435/6613/7507/files/doger.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/zipepatijexozuzazes.pdf
- https://cdn.shopify.com/s/files/1/0431/9775/9643/files/gupiba.pdf
- https://cdn.shopify.com/s/files/1/0430/7851/6885/files/proportional_and_nonproportional_rel.pdf
- https://cdn.shopify.com/s/files/1/0432/6742/4416/files/febonevopes.pdf
- https://cdn.shopify.com/s/files/1/0437/3915/2536/files/salupojidutedisasinawasu.pdf
- https://cdn.shopify.com/s/files/1/0431/8117/9037/files/besorotorulubu.pdf
- https://cdn.shopify.com/s/files/1/0434/7245/3797/files/67992328476.pdf
- https://cdn.shopify.com/s/files/1/0431/1734/6976/files/update_windows_7_ultimate_sp1.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006704.bin98bc8c02d43dc7ae38ec027f88a2b8d2a4a57c3da6e0e1783ab5399b9a263cf4 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6704 | 5384 bytes |
font_01_sfnt_off00007939.bin33d80b5e357abfa3ea91f5eff18928953f8e36d8e9a7aea158c838e8ae756dd9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7939 | 2116 bytes |
font_02_sfnt_off00008303.bin9e97afc7f003f0007610de1913ede17cf96fc3aa9c15d45604e7a10be92c368b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8303 | 15040 bytes |
font_03_sfnt_off0000b12f.bin31d8ae24dc66ac43da326225da1c9cafb238977c2d450e198d37b4668543bb83 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB12F | 17168 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.