MALICIOUS
168
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
T1059.003 Windows Command Shell
The PDF contains a critical heuristic firing for a malicious redirector link pointing to 'https://ttraff.ru/pify?keyword=canon+eos+760d+manual+pdf'. Additionally, it exhibits characteristics of a PDF link farm, with numerous embedded URLs, including benign ones hosted on Shopify. The document also contains a lure to execute commands via the clipboard, suggesting a multi-stage attack. No scripts were extracted, but the combination of a malicious redirector and clipboard command lure indicates a high likelihood of a phishing or malware delivery attempt.
Heuristics 5
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Clipboard command execution lure high SE_CLIPBOARD_COMMAND_LUREDocument tells the user to copy or paste clipboard content into Run, PowerShell, cmd, or another shell-like execution context
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=canon+eos+760d+manual+pdf
- http://files.hopkinton-sepac.org/uploads/1/3/1/8/131856271/138d9e55556ee.pdf
- http://files.teamworksart.org/uploads/1/3/0/8/130813841/telivutinevamon_pimudo_sobojibamosivi.pdf
- http://files.handandgear.com/uploads/1/3/1/3/131379406/gajurufafusos.pdf
- https://cdn.shopify.com/s/files/1/0431/4346/3074/files/62025756065.pdf
- https://cdn.shopify.com/s/files/1/0434/0088/8469/files/14461263493.pdf
- https://cdn.shopify.com/s/files/1/0433/0084/7781/files/2315035948.pdf
- https://cdn.shopify.com/s/files/1/0438/1255/2864/files/lexus_rx_350_repair_manual.pdf
- https://cdn.shopify.com/s/files/1/0431/2216/3866/files/45571946976.pdf
- https://cdn.shopify.com/s/files/1/0432/6726/0582/files/63361311117.pdf
- https://cdn.shopify.com/s/files/1/0428/4514/3207/files/51737253579.pdf
- https://cdn.shopify.com/s/files/1/0433/6877/5841/files/persona_bergman_analysis.pdf
- https://cdn.shopify.com/s/files/1/0432/0408/3869/files/93976808338.pdf
- https://cdn.shopify.com/s/files/1/0428/5179/5107/files/24748986405.pdf
- https://cdn.shopify.com/s/files/1/0439/4234/6907/files/wuvikatutosuje.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00007d85.bine2c106ddcfdc8fc930ba50871cafe733b778e0325afe3d844eb573994856f4d5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7D85 | 5372 bytes |
font_01_sfnt_off00008fbf.bineb32361fafc97123be935623760081e0a8563ada96033bdef5dd0a510fe001b7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8FBF | 15648 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.