MALICIOUS
Risk Score: 140
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 User Execution: Malicious Link
The PDF contains a malicious redirector link, identified by the PDF_MALICIOUS_REDIRECTOR_LINK heuristic. The document body, though heavily obfuscated, contains text fragments and URLs consistent with a phishing or scam lure, specifically referencing 'alumno.conalep.edu.mx' and a redirector URL. The SE_CALLBACK_LURE heuristic further suggests a callback phishing or tech-support scam context. The presence of a mass external PDF link farm indicates an attempt to broaden reach or potentially manipulate search engine results.
Heuristics 4
- PDF links to known malicious redirector infrastructure | critical | PDF_MALICIOUS_REDIRECTOR_LINK
  PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Small PDF contains mass external PDF link farm | critical | PDF_SEO_LINK_FARM
  Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Callback phishing phone lure | medium | SE_CALLBACK_LURE
  Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns.
- Embedded URL | info | EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ttraff.cc/wix?keyword=alumno.+conalep.+edu.+mx+38383+inscr
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000064b0.bin c85985340dcf48c5e93cd800d9e0ff0652cdc5943218064720470c8974d00b37 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x64B0 | 5668 bytes |
| font_01_sfnt_off000077d2.bin 605998e4d6c4388edb23b795423bae9f9857b99dc0f8c68a102e5fef542f8ade | pdf-font-stream | PDF embedded font (sfnt) at offset 0x77D2 | 11576 bytes |