Malware Insights
The PDF file was identified as malicious due to its inclusion of a link farm, a common technique for distributing malware or leading users to phishing sites. Specifically, it contains a critical heuristic firing for PDF_MALICIOUS_REDIRECTOR_LINK, pointing to 'https://ttraff.cc/wix?keyword=se+conduzido+entre+a+flor'. This URL is likely used to redirect users to a malicious destination. The PDF also exhibits characteristics of a PDF_SEO_LINK_FARM, with numerous external links, many hosted on cdn.shopify.com, suggesting an attempt to manipulate search engine results or distribute content widely.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=se+conduzido+entre+a+flor
- https://cdn.shopify.com/s/files/1/0429/6635/2025/files/85082217937.pdf
- https://cdn.shopify.com/s/files/1/0464/7301/9560/files/game_god_of_war_ps2_di_android.pdf
- https://cdn.shopify.com/s/files/1/0434/3513/1046/files/massage_intake_form_template_free.pdf
- https://static.usrfiles.com/ugd/b8c837_3ca733eb7ac848cf887eb8202189f8c1.pdf
- https://static.usrfiles.com/ugd/6f7357_2d28aad58ca94db4971792edb0d1f3b5.pdf
- https://static.usrfiles.com/ugd/b8c837_7d10fabd072346dda4cf7dba52b25347.pdf
- https://static.usrfiles.com/ugd/e745be_17561893a779478896ace4c1d90cbe8f.pdf
- https://static.usrfiles.com/ugd/34ec99_15ce7d09996844e3bf83bcccee9e9b60.pdf
- https://static.usrfiles.com/ugd/2ac701_04648110ab5b4d068c030abde1fce182.pdf
- https://static.usrfiles.com/ugd/b9801a_6f0c4f1a592c4d328ee6a24b9a437019.pdf
- https://cdn.shopify.com/s/files/1/0430/6881/7562/files/raperexexutelul.pdf
- https://cdn.shopify.com/s/files/1/0438/7245/2776/files/13348757149.pdf
- https://cdn.shopify.com/s/files/1/0432/3606/5438/files/lapan.pdf
- https://cdn.shopify.com/s/files/1/0433/9105/8083/files/88105125225.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000a09e.bin71147a8afdbeb0713463d6857ec76ae63cbb0301f2c9a576287b3277d54755b5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xA09E | 4988 bytes |
font_01_sfnt_off0000b198.bin8a7f8eea04b915600643f7e0df6f6ae61d22c4365d7f2eac701858e33821d7a5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB198 | 2232 bytes |
font_02_sfnt_off0000bba8.binfe61ecfd064d255726976cfd7947f9133b1a1ccb654527f0412e5c7348325257 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xBBA8 | 13564 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.