MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The PDF file contains multiple embedded links, with a critical heuristic firing for a malicious redirector. The primary malicious URL identified is https://ttraff.ru/pify?keyword=cgst+act+2020+pdf+in+english, which is likely used to redirect the user to a phishing or malware hosting site. Another heuristic identified a large number of external PDF links, suggesting a link farm for SEO poisoning or traffic generation. The document body contains garbled text but includes the URL and a reference to 'Cgst act 2020 pdf in english', indicating a lure.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.ru/pify?keyword=cgst+act+2020+pdf+in+english
- http://motebo.vesselsofcomfortministries.org/uploads/1/3/0/7/130776445/vamenujofusezifa.pdf
- http://files.porthackinglac.com/uploads/1/3/1/4/131438439/zujizefepapawej-faxig-magapul-raguzebimatosok.pdf
- http://files.olivianicolethreads.com/uploads/1/3/1/4/131437457/969a8e784fb8.pdf
- http://files.maxdesigns.com/uploads/1/3/2/7/132740501/ladabevubuv-rododekuva.pdf
- https://cdn.shopify.com/s/files/1/0432/9635/8565/files/gezufazupadutixi.pdf
- https://cdn.shopify.com/s/files/1/0431/5214/6587/files/79788526014.pdf
- https://cdn.shopify.com/s/files/1/0433/3761/3461/files/12959452291.pdf
- https://cdn.shopify.com/s/files/1/0428/3976/9254/files/sederik.pdf
- https://cdn.shopify.com/s/files/1/0429/8607/8369/files/3575625977.pdf
- https://cdn.shopify.com/s/files/1/0433/0569/7438/files/59376625582.pdf
- https://cdn.shopify.com/s/files/1/0430/7006/2754/files/sedufunomimuwa.pdf
- https://cdn.shopify.com/s/files/1/0428/9835/8432/files/juzopuzenafososokazulu.pdf
- https://cdn.shopify.com/s/files/1/0440/0673/6037/files/60657514484.pdf
- https://cdn.shopify.com/s/files/1/0431/8658/5749/files/fibasunonovoxitisowuva.pdf
- https://cdn.shopify.com/s/files/1/0432/1977/9741/files/html_embed_from_url.pdf
- https://cdn.shopify.com/s/files/1/0430/4266/8698/files/fefewivikofobu.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000d45c.binfd8ed69b8b11f63e103b88a10f80ac4a81d2dcaef72f0be0ca1d40788fa2f77f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD45C | 5500 bytes |
font_01_sfnt_off0000e717.bine73113632a87d493bbac340410a166925384e17207b497e1cdc0159b7478a98f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE717 | 15220 bytes |
font_02_sfnt_off0001165b.bin1faecf34624635473e592b317fec5b354106d5656525f77e1ed5542b68c4d3ce |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1165B | 3088 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.