MALICIOUS
120
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains a large number of embedded links, with a critical heuristic firing for a PDF link farm. One of these links, 'https://ttraff.com/pify?keyword=android+mobile+png+frame', is identified as a malicious redirector. The document body, though heavily obfuscated, contains this URL, suggesting it's the primary lure. The presence of a link farm indicates an attempt to broaden the reach of the malicious link.
Heuristics 3
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ttraff.com/pify?keyword=android+mobile+png+frame
- http://files.jewellerybyjody.com/uploads/1/3/1/6/131606291/tixomora.pdf
- http://files.audiocognoscenti.com/uploads/1/3/2/7/132740547/4534660.pdf
- http://files.ambleon.net/uploads/1/3/1/0/131070125/zulalusimutolosu.pdf
- http://files.ignitethejoy.org/uploads/1/3/1/4/131438202/edd32ab9c76a1a.pdf
- http://files.audiocognoscenti.com/uploads/1/3/2/7/132740547/4534660.p
- https://cdn.shopify.com/s/files/1/0430/8795/4073/files/nabamotid.pdf
- https://cdn.shopify.com/s/files/1/0432/3698/2943/files/acute_coronary_syndrome_guidelines_stemi.pdf
- https://cdn.shopify.com/s/files/1/0430/4653/5322/files/gusezudijasaj.pdf
- https://cdn.shopify.com/s/files/1/0437/1283/9834/files/2408802084.pdf
- https://cdn.shopify.com/s/files/1/0433/6458/1525/files/fosemasudo.pdf
- https://cdn.shopify.com/s/files/1/0432/8321/8588/files/astronomy_today_eric_chaisson.pdf
- https://cdn.shopify.com/s/files/1/0432/6978/3720/files/68198167783.pdf
- https://cdn.shopify.com/s/files/1/0435/1361/0392/files/42248113228.pdf
- https://cdn.shopify.com/s/files/1/0430/9070/6589/files/97058165773.pdf
- https://cdn.shopify.com/s/files/1/0435/8314/4093/files/turuzadatolaputuvu.pdf
- https://cdn.shopify.com/s/files/1/0431/7554/2950/files/arquitetura_bioclimtica_do_espao_pblico.pdf
- https://cdn.shopify.com/s/files/1/0429/0589/5075/files/linat.pdf
- https://cdn.shopify.com/s/files/1/0440/3236/0613/files/mekezi.pdf
- https://cdn.shopify.com/s/files/1/0433/0346/9221/files/5995181580.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000cb0c.bin68ff53ff5ca2968cc3201fbf70eb9279515b66544a07e289d0b14ca27dbd23d7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xCB0C | 5312 bytes |
font_01_sfnt_off0000dd01.bin7ce1ff8ab557218836412cd28e8f65749159da605d48f1811cb3daef44f39b3c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDD01 | 10284 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.