MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file contains a significant number of embedded external links, a technique often used to create link farms for SEO manipulation or to redirect users to malicious sites. One of the primary links, 'https://ttraff.link/wix?keyword=escape+carolyn+jessop+pdf', is flagged as a malicious redirector. While many other links point to benign Shopify domains, the presence of the malicious redirector and the sheer volume of links suggest a malicious intent to lure users to harmful content.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.link/wix?keyword=escape+carolyn+jessop+pdf
- https://cdn.shopify.com/s/files/1/0436/2970/7422/files/jikiposesagusirarujubod.pdf
- https://cdn.shopify.com/s/files/1/0479/0838/9031/files/define_5_themes_of_ap_world_history.pdf
- https://cdn.shopify.com/s/files/1/0447/7508/0087/files/51711566468.pdf
- https://d45abef7-3600-4a5d-a770-f4d4eb1541fe.filesusr.com/ugd/45fd81_8157e404ba1847868a6d0f66d1a66d3f.pdf?index=true
- https://1eaab881-5c2a-41a6-a428-8c37cbf7d08b.filesusr.com/ugd/d13e1f_d826845bd4e14ea097267d22258f116b.pdf?index=true
- https://7fbeab49-e59c-4c00-8ff8-780dc91db50a.filesusr.com/ugd/7cefa9_68a728f934ca406aa8d9dc632719708c.pdf?index=true
- https://51500f8b-fdd3-4b0d-b921-f3417294e90d.filesusr.com/ugd/03ae60_aeaa6e5c567e4bd59ed177585cccf1fe.pdf?index=true
- https://37354c80-d7c7-4261-a478-2644e423de08.filesusr.com/ugd/8f6098_aebbbedf35ff452c9f61632d9fcadc40.pdf?index=true
- https://dece13eb-8f57-4d3f-981b-01e681d25be0.filesusr.com/ugd/2994dd_25d6e71f09af44f1acd37ed6071e011a.pdf?index=true
- https://2ee523f9-7a63-40a7-9563-845a32c6d754.filesusr.com/ugd/b1b3ad_a0d2149be8d84f3fa3b8849be8c10ca8.pdf?index=true
- https://cdn.shopify.com/s/files/1/0438/8359/3880/files/gipsy_kings_piano_sheet_music.pdf
- https://cdn.shopify.com/s/files/1/0433/0687/7080/files/49605194079.pdf
- https://cdn.shopify.com/s/files/1/0428/2066/5510/files/sunmica_design_catalog.pdf
- https://cdn.shopify.com/s/files/1/0435/5247/3252/files/8309094613.pdf
- https://cdn.shopify.com/s/files/1/0431/6351/7092/files/fesusejepedosevefabar.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00008816.bin8d3917685e5770a92a2a0c60161b543a6bacfd319be6acfc7250d75b47fe6813 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8816 | 5284 bytes |
font_01_sfnt_off00009a33.bin301294e7a052a9c5799339d2423a50f58d881593845d91984c1f1cc0c2753f3b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9A33 | 10120 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.