MALICIOUS
128
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 User Execution: Malicious Link
The PDF contains a prominent link disguised as a download for 'Blitzkrieg 2 free full'. This link, https://ttraff.com/wix?keyword=blitzkrieg+2+free+full, is identified as a malicious redirector. The document also features a large number of embedded links to other PDFs hosted on Shopify, likely part of a link farm to improve search engine ranking for malicious content. No scripts were extracted from this sample.
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/wix?keyword=blitzkrieg+2+free+full
- https://cdn.shopify.com/s/files/1/0428/4514/3207/files/6890065426.pdf
- https://cdn.shopify.com/s/files/1/0429/8365/3527/files/40241676900.pdf
- https://cdn.shopify.com/s/files/1/0432/7931/9196/files/19827280885.pdf
- https://cdn.shopify.com/s/files/1/0429/0369/9615/files/narikofajekire.pdf
- https://cdn.shopify.com/s/files/1/0429/6713/8470/files/bellaire_primary_school_uniform.pdf
- https://static.usrfiles.com/ugd/b8c837_bca7dae9723a426da834de2cc5479dfb.pdf
- https://static.usrfiles.com/ugd/865d50_da31ce5db3344a4ab260364367ff0053.pdf
- https://static.usrfiles.com/ugd/b4609a_43ae40bf82d04be489eff63923f4b2cb.pdf
- https://static.usrfiles.com/ugd/b8c837_02d3e4587d254423a7fbd95ea432ab12.pdf
- https://static.usrfiles.com/ugd/d54300_acea71186b5a4328949aac5ecb1497c1.pdf
- https://static.usrfiles.com/ugd/8de238_65f9d81f7f3143b89b4fa755e7061d87.pdf
- https://static.usrfiles.com/ugd/05301a_dd2a14ee2f1a4fd4b00a3a5507039d5b.pdf
- https://static.usrfiles.com/ugd/7041e4_d2c9c48a13924c48ac56ab5a5979bd1a.pdf
- https://cdn.shopify.com/s/files/1/0430/3280/5527/files/58324089204.pdf
- https://cdn.shopify.com/s/files/1/0461/4271/8115/files/xixolelixav.pdf
- https://cdn.shopify.com/s/files/1/0436/8711/6953/files/98055299221.pdf
- https://cdn.shopify.com/s/files/1/0431/2052/5461/files/mepapupewufogipaxijuzigi.pdf
- https://cdn.shopify.com/s/files/1/0431/6738/3713/files/90704017764.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000069fb.bin9f8a202f9be86fba2788c2c6da4ebc57796900bc21fb20f837fd27021c26f109 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x69FB | 4840 bytes |
font_01_sfnt_off00007a99.bincd4d1c08d36e9d67f1b66eaa66ab4373ac67d97191da4ade1ea5e75daffd3f36 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x7A99 | 10076 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.