MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a significant number of embedded links, with the primary heuristic identifying it as a PDF SEO link farm. One of the embedded URLs, 'https://ttraff.cc/wix?keyword=iglesia+cristiana+de+tlaxiaco+videos', is flagged as a known malicious redirector. The document body also contains this URL, suggesting a deliberate attempt to redirect users to potentially harmful content. The presence of numerous links, including one to a malicious redirector, indicates a likely attack pattern focused on traffic redirection or SEO manipulation.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.cc/wix?keyword=iglesia+cristiana+de+tlaxiaco+videos
- https://cdn.shopify.com/s/files/1/0430/8231/7975/files/bodybuilding_food_plan.pdf
- https://cdn.shopify.com/s/files/1/0432/0329/7438/files/mabiwuz.pdf
- https://cdn.shopify.com/s/files/1/0436/4474/7929/files/christmas_word_scramble_worksheet_with_answers.pdf
- https://cdn.shopify.com/s/files/1/0434/6226/2936/files/xarejow.pdf
- https://cdn.shopify.com/s/files/1/0435/3448/3616/files/jekofofetuwegirademogogo.pdf
- https://cdn.shopify.com/s/files/1/0438/4607/4525/files/kawasaki_bayou_220_manual.pdf
- https://cdn.shopify.com/s/files/1/0431/6577/8076/files/16882505331.pdf
- https://cdn.shopify.com/s/files/1/0432/9802/9733/files/ravegimatazos.pdf
- https://cdn.shopify.com/s/files/1/0430/6855/5415/files/gezobadasuzozul.pdf
- https://static.usrfiles.com/ugd/15ebe2_d8ce8fcf7ac940a18ec0baa77454ea73.pdf
- https://static.usrfiles.com/ugd/b8c837_d771a117df0c467e8870d4fd291b8aa6.pdf
- https://static.usrfiles.com/ugd/6c98bc_43ec1316e36c48548d7c16c8a45aed89.pdf
- https://static.usrfiles.com/ugd/e2b09b_0f86508563f84d99bc8aa8694eee72f9.pdf
- https://static.usrfiles.com/ugd/b8c837_b291d8e5287540a7a20338fd5a39b0c9.pdf
- https://static.usrfiles.com/ugd/9c43ec_c1b2852b445a49799649e5d087279ea9.pdf
- https://static.usrfiles.com/ugd/4b7290_04cce58b905e4501b22e3b25dac5b992.pdf
- https://static.usrfiles.com/ugd/b8c837_edaa6cb7a74a450c919441e89df33d72.pdf
- https://static.usrfiles.com/ugd/b8c837_e1ecea4fb2ef4005905eea90850c4860.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000076a1.bin03dfc13c17162cdf388ea220f7d2d57eca68c1b8d1f9bba04cb2f2974f744254 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x76A1 | 5172 bytes |
font_01_sfnt_off00008846.bin2d9f5e710cb6036dfd638f5443570ae00e4a0c1c9f6c289e09346b95ec758de5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8846 | 11084 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.